A botnet of more than 20,000 compromised WordPress sites is being used to attack and infect other WordPress sites. Each newly compromised site is added to the botnet so that it, too, can carry out the attackers' commands.

In new research released by WordPress security firm Defiant, it was found that attackers have recruited over 20,000 WordPress installs into a botnet that can be instructed to brute-force the logins of other WordPress sites on the Internet. Defiant further states that, between the Wordfence brute-force protection module and its IP blacklist, it has blocked over 5 million authentication requests from these attackers.

These brute-force attacks target the XML-RPC implementation of WordPress, trying username and password combinations until a valid account is found. XML-RPC is an endpoint that external clients (for example the WordPress mobile apps and other remote-publishing tools) can use to post content to a WordPress site. The endpoint is the xmlrpc.php file in the root directory of a WordPress install, so every authentication attempt shows up in the web server's access log as a POST to /xmlrpc.php.
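Because every XML-RPC login attempt is a POST to xmlrpc.php, a site operator can spot this kind of brute forcing in ordinary access logs. The following is an added example, not code from the article or from Defiant/Wordfence: it parses combined-format access-log lines and flags any client IP that POSTs to /xmlrpc.php at least `threshold` times within a sliding time `window`. The log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format). The IPs are
# documentation ranges and the traffic is invented for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2018:14:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2018:14:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Dec/2018:14:01:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2018:14:01:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Dec/2018:14:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/5.0"
203.0.113.7 - - [10/Dec/2018:14:01:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Dec/2018:14:01:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2018:14:01:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2018:14:01:18 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Dec/2018:14:03:20 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/5.0"
192.0.2.9 - - [10/Dec/2018:14:05:31 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/5.0"
"""

# Combined log format: client IP, identd, user, [timestamp], "METHOD PATH PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        # Drop any query string so "/xmlrpc.php?foo=1" still matches.
        "path": m["path"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def find_xmlrpc_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: (time_threshold_was_crossed, hits_in_window)} for every client
    that sent at least `threshold` POSTs to /xmlrpc.php within `window`.

    Only POSTs count: a GET to xmlrpc.php cannot carry a login attempt, and a
    single client posting once (e.g. a real mobile-app user) is not flagged.
    """
    events = [
        e for e in map(parse_line, lines)
        if e and e["method"] == "POST" and e["path"] == "/xmlrpc.php"
    ]
    events.sort(key=lambda e: e["ts"])  # logs are usually ordered, but be safe

    recent = defaultdict(deque)  # ip -> timestamps of POSTs inside the window
    flagged = {}
    for e in events:
        q = recent[e["ip"]]
        q.append(e["ts"])
        # Slide the window: discard timestamps older than `window` before this hit.
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e["ip"] not in flagged:
            flagged[e["ip"]] = (e["ts"], len(q))
    return flagged


if __name__ == "__main__":
    for ip, (when, hits) in find_xmlrpc_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {hits} POSTs to /xmlrpc.php within 60s, crossed at {when.isoformat()}")
```

With the defaults, only 203.0.113.7 is flagged (five POSTs in 13 seconds); 192.0.2.9 makes three POSTs spread over four minutes and 198.51.100.22 makes one, so neither crosses the threshold. Two caveats a practitioner should keep in mind: XML-RPC supports `system.multicall`, which lets a single POST carry many method calls, so a request count understates the number of credential guesses and a low threshold is appropriate; and blocking xmlrpc.php outright breaks legitimate clients such as the WordPress mobile apps, so rate-limiting or IP blocking based on this kind of detection is usually the better first response.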

Source: Botnet of 20,000 WordPress Sites Infecting Other WordPress Sites

