This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-22152296
The article has changed 2 times.
Version 0 | Version 1 |
---|---|
Wordpress website targeted by hackers | Wordpress website targeted by hackers |
(1 day later) | |
Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator. | Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator. |
The botnet targets Wordpress users with the username "admin", trying thousands of possible passwords. | The botnet targets Wordpress users with the username "admin", trying thousands of possible passwords. |
The attack began a week after Wordpress beefed up its security with an optional two-step authentication log-in option. | The attack began a week after Wordpress beefed up its security with an optional two-step authentication log-in option. |
The site currently powers 64m websites read by 371m people each month. | The site currently powers 64m websites read by 371m people each month. |
According to survey website W3Techs, around 17% of the world's websites are powered by Wordpress. | According to survey website W3Techs, around 17% of the world's websites are powered by Wordpress. |
"Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog. | "Here's what I would recommend: If you still use 'admin' as a username on your blog, change it, use a strong password," wrote Wordpress founder Matt Mullenweg on his blog. |
He also advised adopting two-step authentication, which involves a personalised "secret number" allocated to users in addition to a username and password, and ensuring that the latest version of Wordpress is installed. | He also advised adopting two-step authentication, which involves a personalised "secret number" allocated to users in addition to a username and password, and ensuring that the latest version of Wordpress is installed. |
"Most other advice isn't great - supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn't going to be great (they could try from a different IP [address] a second for 24 hours)," Mr Mullenweg added. | "Most other advice isn't great - supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn't going to be great (they could try from a different IP [address] a second for 24 hours)," Mr Mullenweg added. |
Matthew Prince, chief executive and co-founder of Cloudflare, said that the aim of the attack might have been to build a stronger botnet. | |
"One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," he wrote in a blog post. | "One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," he wrote in a blog post. |
"These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic," he added. | "These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic," he added. |