Thousands of hacked WordPress sites used in global scale attacks

Thousands of WordPress based websites have been hacked to compose a global scale botnet that is performing powerful DDOS attacks.

I start the post with recommendations, if you are a blogger using WordPress don’t waste time and update it and all installed plugins to the latest versions!

Have you done it? OK, now I can explain you what it is happening.

Thousands of WordPress blogs have been hacked to compose a global scale botnet that is performing powerful DDOS attacks.

We read in the past of a massive cyber attack coordinated with a huge botnet against millions of websites based on the popular CMS WordPress, around 100000 servers were successful compromised fueling the malicious architecture used for the attack.

The news was reported by CloudFlare and HostGator that on April alerted the WordPress community on the ongoing massive attack launched against WordPress blogs all over the Internet, the alert was related to a massive brute-force dictionary-based attack conducted to expose the password for the ‘admin’ account of every WordPress site.

In August, 2013 researchers at Arbor Networks have discovered a botnet dubbed Fort Disco  that was used to compromise more than 6000 websites based on popular CMSs such as WordPress, Joomla and Datalife Engine.

My colleagues at TheHackerNews received a DDOS attack logs report from ‘Steven Veldkamp‘ that highlights that the victim’s website was under heavy DDoS attack recently, originated from numerous compromised WordPress based websites. It is highly probably that the ongoing attack is linked to the events occurred in April that allowed attackers to take control of a high number of vulnerable WordPress Hosts.

The attacks are very concerning due to the botnet extension and the high performance of bots. The offensive is conducted on a global scale and appears highly distributed in nature and well organized, for these reasons it is very difficult to block malicious traffic.