Floods of Wordpress attacks traced to easily hackable, ISP-supplied routers

Originally published at: http://boingboing.net/2017/04/12/port-7547.html


So why is WordPress in particular targeted? I can’t imagine switching from it would stop botnets


It (especially when combined with a generous pile of plugins) has a poor reputation for security, and is commonly deployed by people who are a trifle out of their depth; but onto servers, or at least VPSes, that provide more bandwidth and better uptime than compromised residential stuff.

People would move on to something else if it went away; but it is currently considered a great pick if you are looking for internet-facing servers with known vulnerabilities and admins who probably aren’t paying enough attention.

(Edit: also, “Wordfence” probably has a rather specific focus, so regardless of the overall rank of WordPress vs other stuff, their reports probably remain focused on WordPress. Which isn’t a bad thing, it needs the help; but if these routers spend the rest of the month attacking other stuff, they might well have no way of knowing.)


Seems like Zyxel could use the vulnerability to patch their own routers.


Powers approximately 25% of the web. Wordfence makes a tool for protecting WordPress, so, as @fuzzyfungus said, it is their primary focus, and their Web Application Firewall for WordPress is how they are gathering data on these attacks.

Edit: Oh, and their security newsletter is excellent. I’ve been subscribed for some time. If you have a WordPress site or develop WordPress sites, it is a must-read.

Because idiot sysops don’t patch their damn WordPress installations and plugins. See the rash of MongoDB attacks for examples of bad defaults, idiot administrators, and the resulting carnage.