Floods of WordPress attacks traced to easily hackable, ISP-supplied routers


#1

Originally published at: http://boingboing.net/2017/04/12/port-7547.html


#2

So why is WordPress in particular targeted? I can’t imagine switching from it would stop botnets.


#3

It (especially when combined with a generous pile of plugins) has a poor reputation for security, and is commonly deployed by people who are a trifle out of their depth; but onto servers, or at least VPSes, that provide more bandwidth and better uptime than compromised residential stuff.

People would move on to something else if it went away; but it is currently considered a great pick if you are looking for internet-facing servers with known vulnerabilities and admins who probably aren’t paying enough attention.

(Edit: also, “Wordfence” probably has a rather specific focus, so regardless of the overall rank of WordPress vs other stuff, their reports probably remain focused on WordPress. Which isn’t a bad thing, it needs the help; but if these routers spend the rest of the month attacking other stuff, they might well have no way of knowing.)


#4

Seems like Zyxel could use the vulnerability to patch their own routers.


#5

Powers approximately 25% of the web. Wordfence makes a tool for protecting WordPress, so as @fuzzyfungus said, it is their primary focus, and their Web Application Firewall for WordPress is how they are gathering data on these attacks.

Edit: Oh, and their security newsletter is excellent. I’ve been subscribed for some time. If you have a WordPress site or develop WordPress sites, it is a must-read.


#6

Because idiot sysops don’t patch their damn WordPress installations and plugins. See the rash of MongoDB attacks for examples of bad defaults, idiot administrators, and the resulting carnage.

