WordPress Installations Under Brute-Force Attack
There is an ongoing attack against some WordPress implementations that is trying to brute-force the passwords for the administrator accounts on the installations. The attack is being driven by an automated PHP script that tries thousands of possible passwords.
The SANS Internet Storm Center has posted an analysis of the WordPress attack script, which was found on a virtual private server. The script has the added ability to allow an attacker to run it on a number of different servers at the same time, as the passwords it tries are stored in a MySQL database that can be accessed remotely.
The wp_brute_attempt() function takes 3 parameters: $ch, which is cURL's structure (cURL is a command-line tool that can be used to perform HTTP requests), and two others that define the site and the password that will be tried. If the script logs in successfully, the page that gets returned by the server will contain the phrase "Log Out", and the function will return a true value.
Now, the interesting thing about the script is that it allows distributed cracking. Information is saved in a MySQL database and the script actually connects directly to the main database. This allows the attacker to run many simultaneous scripts – each of them will take 200 new URLs and mark them with the brute forcer's ID ($colo).
WordPress, a popular blogging platform, has been found to have a slew of vulnerabilities in recent months and attacks against the platform have become common. WordPress is used in a lot of corporate blogging environments and also is used by millions of individual bloggers.
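Because the script spreads its guesses across many machines, counting failures per source address can miss it, so the sketch below counts failed logins per site across all sources. It is an added example, not code from the article or the SANS analysis; the combined log format, the /wp-login.php path, the 200-on-failure/302-on-success convention and the thresholds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in combined log format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.1 - - [01/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
198.51.100.2 - - [01/Jan/2024:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
203.0.113.3 - - [01/Jan/2024:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
203.0.113.4 - - [01/Jan/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
198.51.100.1 - - [01/Jan/2024:10:01:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
203.0.113.5 - - [01/Jan/2024:10:01:50 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
192.0.2.77 - - [01/Jan/2024:11:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (timestamp, ip) for POSTs to wp-login.php that did not redirect."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def find_bursts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Report each burst reaching `threshold` failures inside `window`, across all sources."""
    events = sorted(failed_logins(log_text))
    bursts, start, alerted = [], 0, False
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:
            start += 1  # slide the window forward
        in_window = events[start:end + 1]
        if len(in_window) < threshold:
            alerted = False  # burst ended; allow a new alert later
        elif not alerted:
            per_ip = Counter(ip for _, ip in in_window)
            bursts.append({"start": in_window[0][0], "failures": len(in_window),
                           "sources": len(per_ip), "max_per_source": max(per_ip.values())})
            alerted = True
    return bursts

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

On the sample, the burst is flagged even though no single address exceeds two failures, which a per-address limit of three or more would not catch.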



