Two Hundred Fifty Thousand (and counting) IPs used to attack WordPress, Joomla, Drupal, and other web applications.
Reading this advisory on the brute-force attack will help you understand how to deal with similar attacks on your website.
There is a new global brute-force attack underway against ALL WordPress, Joomla, and Drupal sites (and possibly others) across the entire web hosting industry. Hosting companies of every size, and their clients, are being impacted. This is by far one of the LARGEST and most effective cyber attacks in recent days.
The attack is distributed, and we have seen so far over 250,000 (and counting) IPs used to attack WordPress, Joomla, Drupal, and other web applications. The attack is targeting mostly the administration area of all popular free applications.
We urgently advise you to change all administrative access credentials for any hosted WordPress / Joomla / Drupal or other web applications you may have installed. We have a separate article that focuses on selecting a strong password which you can review here.
Generally speaking, a secure password consists of upper AND lowercase letters, is at least eight characters long, and includes special characters such as (^%$#&@*).
If you do NOT change your password, the chance of your account getting compromised is very high!
If you are a Reseller, or have a VPS or Cloud server with us and host other clients, we advise you to immediately notify your clients about this attack and advise them to secure their passwords.
In addition to changing your password, we advise that you read the following articles:
1) Brute force attacks security essentials:
Brute force attack what is this attack about and how to protect our sites against it
2) WordPress security tips:
Important tips on WordPress security
3) Joomla security tips:
Important tips on Joomla security
We suspect that this attack has been developing for some time and has peaked just this past week. The obvious symptoms of this attack are a very slow administration panel on your WordPress, Joomla, or Drupal site, or an inability to log in at all. In some instances your site could even go down intermittently for short periods of time. If you are using a VPS or Dedicated server, you may see high load averages and delays in accessing your server.
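To confirm these symptoms from a web server access log, the following added example (not part of the original advisory) counts login POSTs per minute and the number of distinct source IPs behind them. Because the attack is distributed, each IP sends only a few requests, so the signal is many IPs hitting one login page, not one noisy IP. The login paths (default installs), the combined log format, the thresholds, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed default login endpoints of the three applications named in the advisory.
LOGIN_PATHS = {
    "/wp-login.php": "WordPress",
    "/administrator/index.php": "Joomla",
    "/user/login": "Drupal",
}
# Apache/nginx "combined" log format: ip, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def login_posts(lines):
    """Yield (minute, app, ip) for each POST to a known login endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # page views (GET) are not login attempts
        app = LOGIN_PATHS.get(m["path"].split("?", 1)[0])
        if app:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts.replace(second=0), app, m["ip"]

def distributed_bursts(lines, min_posts=5, min_ips=4):
    """Return per-minute buckets where many distinct IPs hit one login page."""
    buckets = defaultdict(lambda: defaultdict(int))
    for minute, app, ip in login_posts(lines):
        buckets[(minute, app)][ip] += 1
    alerts = []
    for (minute, app), per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total >= min_posts and len(per_ip) >= min_ips:
            alerts.append({"minute": minute.strftime("%Y-%m-%d %H:%M"), "app": app,
                           "posts": total, "ips": len(per_ip),
                           "max_per_ip": max(per_ip.values())})
    return alerts

# Constructed sample log (documentation-range IPs and a made-up date), not captured traffic.
SAMPLE = [
    f'198.51.100.{i} - - [01/Jan/2024:10:15:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3500 "-" "-"'
    for i in range(1, 7)
] + [
    '203.0.113.9 - - [01/Jan/2024:10:15:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3400 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:16:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for alert in distributed_bursts(SAMPLE):
        print(alert)
```

A low `max_per_ip` alongside a high `ips` count is why per-IP rate limits alone do not stop this kind of attack; the thresholds should be tuned to the normal login volume of the site.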
We have already taken several measures to mitigate this attack throughout our data center, but given the scale of this attack we urgently require all of our clients to take the necessary steps, since the distributed nature of the attack makes it hard to isolate or prevent going forward. If the attack continues to grow and mature, we may be forced to take additional actions such as temporarily limiting access to WP/Joomla/Drupal administration pages.
For any VPS or Dedicated server clients hosting WP/Joomla/Drupal sites and experiencing high load or slow server connections, we can provide further assistance by implementing additional global restriction rules on your server. This may not be an ideal solution; however, if you are under attack, it will be a required measure. Please contact us via normal support channels for further assistance. You are also welcome to copy the information from our blog posts and share it with your clients.
We created a dedicated blog post regarding this attack, which we will be updating with any additional information and tips as we monitor the progression of the attack and develop new mitigation solutions.
We want to emphasize that this is a global attack, and all web hosts are currently being impacted. There is currently no immediate or easy fix against this attack. Rest assured we are working around the clock to make sure that we are on top of any new developments.
That’s all the information I have on the new cyber attacks. Make sure your site is protected.