A large distributed brute force attack against WordPress sites is understood to be occurring. A large botnet with more than 90,000 servers is attempting to log in by cycling through different usernames and passwords.
According to a blog update on IXWebHosting, they are currently experiencing issues where there is a brute force attack on the default WordPress login pages of their customers.
"As you can see from our numbers, we were seeing 30 to 40 thousand attacks per day the last few months. In April 2013, it increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days." Sucuri study says.
This attack is greatly effecting Linux servers and attack is possibly conducted using botnets. To solve the issue, hosting administrator block all connections to wp-login.php.
"At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including "special" characters (^%$#&@*)." Hostgator recommends to their users..
"A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity in the last 24 hours." Spiral Hosting also issue notice to their customers.
Users are advised to use .htaccess to protect their admin area and to rename the login pages. This is a global issue affecting all web hosts. Stay tuned to our Twiter and Facebook Page for further information.