  1. #1
    Aspiring Evangelist
    Join Date
    Feb 2012
    Location
    Lisboa, Portugal
    Posts
    403

    WordPress brute-force attacks

    Patching the Internet in Realtime: Fixing the Current WordPress Brute Force Attack - CloudFlare blog

    There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.

    One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic. This is a similar tactic that was used to build the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was behind the large attacks on US financial institutions.

    ...
    Has anyone else been hit by this? This has nothing to do with injected malware.

  2. #2
    {topmember}
    Join Date
    Nov 2010
    Location
    Rio de Janeiro
    Posts
    596

  3. #3
    Super Moderator
    Join Date
    Sep 2010
    Location
    Searching...
    Posts
    4,106
    Quote: Originally posted by DuranDuran
    But considering a server that you manage, do you ask your customers to install it?

  4. #4
    Wannabe Guru
    Join Date
    Sep 2011
    Location
    São Paulo / SP
    Posts
    51
    A good idea would be to change the password as soon as possible.

  5. #5
    {topmember}
    Join Date
    Nov 2010
    Location
    Rio de Janeiro
    Posts
    596
    Quote: Originally posted by Winger
    But considering a server that you manage, do you ask your customers to install it?
    That's the biggest problem. I even have a specific and quite complete FAQ in our support section explaining step by step how to make WP more secure (installing a few plug-ins and making config changes, such as changing the admin directory/index, among others).

    But you know how it is... it's like talking to a door. Only 1% of doors manage to hear you.

    What annoys me and really makes me angry is that most of them couldn't give a crap about security. When they get hacked they immediately complain about the server's security, and then comes the complaint on difameaqui.

  6. #6
    WHT-BR Top Member
    Join Date
    Nov 2010
    Posts
    1,608
    I found this:

    Stopping Brute-force Logins Against Wordpress

    I haven't tested it; if anyone can test it and share...


  7. #7
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    14,983

    WordPress Attacks Hammer Web Hosts

    The brute-force attack to discover admin passwords of WordPress blogs is extending to sites running Joomla.

    The attack is estimated to be using 90 thousand compromised servers -- most of them hosted in data centers.

    A large-scale attack – powered by 90,000 web servers – has been launched against WordPress blogs with weak admin credentials, and web hosts are being warned to update passwords immediately.

    The attacks have also extended to Joomla websites, and Go Daddy has been working at mitigating the attacks for its WordPress and Joomla customers this week.

    A post by KrebsOnSecurity says that analysts from a range of security and networking firms have tracked “an alarming uptick in so-called ‘brute-force’ password-guessing attacks against websites powered by WordPress, perhaps the most popular content management system in use today.”

    Marc Gaffan, co-founder of Incapsula, a security firm, told Krebs that the attacks are creating chaos at some web hosting firms.

    It’s hurting the service providers the most, not just with incoming traffic. But as soon as those servers get hacked, they are now bombarding other servers with attack traffic. We’re talking about web servers, not home PCs. PCs maybe connected to the Internet with a 10 megabit or 20 megabit line, but the best hosting providers have essentially unlimited Internet bandwidth. We think they’re building an army of zombies, big servers to bombard other targets for a bigger cause down the road.

    HostGator has warned its customers with WordPress websites to change their passwords to something that meets the requirements specified on the WordPress website: something with upper and lowercase letters, at least 8 characters long, and including ‘special’ characters.

    The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods. We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. The servers most likely to experience service interruptions will be VPS and Dedicated servers hosting high numbers of WordPress installations, due to the incredibly high load this attack has been seen to cause.

    ResellerClub is also working hard at mitigating the WordPress attack, but says it has noted the issue before.

    To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers.

    We did a detailed analysis of the attack pattern and found out that most of the attack was originating from CMSs (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories.

    Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), it is making it difficult for us to block all malicious data.

    Melbourne Server Hosting has seen signs of attempted WordPress and Joomla access as well.

    Like many other hosting providers, we’ve seen signs over the past 48 hours of increased attempts to access and compromise popular CMS and blog web applications such as WordPress and Joomla.

    Whilst there is the clear risk of having your CMS compromised, the more immediate threat posed here is that of a denial of service attack, which will render your sites slow and in some cases, completely exhaust the resources available to your services causing a system crash.

    For web hosts that use CloudFlare, their customers should be protected from this brute-force WordPress attack as CloudFlare has rolled out a fix to all of its customers automatically, even users on the free tier.

    We just pushed a rule out through CloudFlare’s WAF that detects the signature of the attack and stops it. Rather than limiting this to only paying customers, CloudFlare is rolling it out the fix to all our customers automatically, including customers on our free plan. If you are a WordPress user and you are using CloudFlare, you are now protected from this latest brute force attack.

    Because CloudFlare sits in front of a significant portion of web requests we have the opportunity to, literally, patch Internet vulnerabilities in real-time. We will be providing information about the attack back to partners who are interested in hardening their internal defenses for customers who are not yet on CloudFlare.

    Tony Perez at Sucuri Blog says WordPress knew that it wasn’t equipped to handle brute-force attacks.

    It was not long ago that I was sitting on a call with other members of the WordPress community in which we were talking about brute-force. When asked why WordPress core didn’t offer more out of the box features to address the issue, the response was it’s just not a relevant issue.

    As interesting a response as that was, the latest trends seem to contradict that statement head on. It goes to show us that with the technological improvements things like latency and other network considerations are becoming less of a barrier to entry for attackers.

  8. #8
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    14,983

    Go Daddy Joomla, WordPress Hosting Customers See Spotty Admin Access

    Go Daddy hosting customers continue to experience intermittent access to admin pages to their Joomla! and WordPress websites on Friday, according to a system alert in its support blog.

    According to Go Daddy, the issue of accessibility of admin pages for WordPress and Joomla customers started on Thursday, and it continues to mitigate an Internet-wide attack attempting to gain access to its customers’ websites.

    While admin pages may not be accessible, Go Daddy says the websites will remain online.

    Go Daddy has also recommended that customers change their passwords once they regain access to their site, directing customers to a blog post that offers tips for generating a strong password.

    A year ago, more than 2 million WordPress sites were installed with Go Daddy’s hosting connection one-click installer, and with the majority of its customers being small businesses, it is likely that the number of WordPress sites it hosts has grown over that time period. It is unclear specifically how many WordPress or Joomla customers were impacted by Thursday’s issue.

    Earlier this week, Go Daddy Linux web hosting customers experienced intermittent connectivity to their sites, and there was a partial power outage overnight on Monday in a data center that houses some of its virtual private and dedicated hosting services.

    Go Daddy shared the service updates through its support blog, and acknowledged the issues on Twitter and Facebook as well.

    In March, Go Daddy’s EU hosting environment was hit by a DDoS attack that caused an intermittent service disruption.

    Go Daddy is planning an expansion to the Seattle region, and is seeing early success in recruiting engineers from Microsoft and other large tech companies, according to a report by GeekWire on Thursday. Go Daddy CEO Blake Irving was a long-time Microsoft executive, and recently served as chief product officer at Yahoo!, so he likely has a lot of contacts to build out a west coast office.

    For now, Go Daddy is establishing a temporary office in Kirkland, Washington, and the plan is to build a permanent office in Kirkland or Bellevue, starting with around 10,000 square feet of space. Last month, Go Daddy established an office in Sunnyvale, California. The aim for Go Daddy is to have a presence in the Bay Area and Seattle, according to Irving.

    For a company that has focused on its marketing message to small businesses and its customer service initiatives, its recent efforts at expanding its engineering team come at a time when Go Daddy’s infrastructure is clearly under some strain.


  9. #9
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    14,983
    Microsoft also offers "1-click" installation (including on Azure) of WordPress, Joomla, Drupal, and many others. There's no shortage of vulnerable sites.

    Windows Web App Gallery - Featured Apps

    NOTE: From a post dated 22-06-2012, 13:19

    Running WordPress (unverified numbers that get celebrated in articles):

    74 million sites

    16% of all registered domains in the world

    22 of every 100 new domains registered in the US

    150 thousand of the top 1 million most visited sites in the world
    WordPress › WordPress Plugins

    20,035 plugins, 316,926,560 downloads, and counting

    "Plugins can extend WordPress to do almost anything you can imagine"

    Most Popular »

    All in One SEO Pack
    Downloaded 11,282,746 times

    Jetpack by WordPress.com
    Downloaded 1,738,243 times

    Akismet
    Downloaded 11,138,390 times

    WordPress SEO by Yoast
    Downloaded 1,545,919 times

    Contact Form 7
    Downloaded 7,266,981 times

    Google XML Sitemaps
    Downloaded 7,868,499 times
    Last edited by 5ms; 13-04-2013 at 14:34.

  10. #10
    WHT-BR Top Member
    Join Date
    Nov 2010
    Posts
    1,608
    I didn't quite understand it,

    But it seems that that mod_security tip to block for 5 minutes is no longer working...

    I found another blog commenting on the subject:

    Blocking Wordpress Brute Force Attacks against wp-login.php
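As an added example (not code from this thread or from the linked blog posts), here is the kind of check a host can run over its access logs to see both patterns the thread describes: a single IP hammering wp-login.php, which is what a per-IP 5-minute block catches, and the distributed variant where thousands of compromised servers each send only a few guesses, which per-IP blocking never trips on. The log lines are constructed, and the window and thresholds are assumptions to tune against real traffic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fields of an Apache "combined" access-log line that the check needs.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"].split("?", 1)[0]}


def login_attempts(lines):
    """Keep only POSTs to wp-login.php (the brute-force target), sorted by time."""
    events = [e for e in map(parse_line, lines)
              if e and e["method"] == "POST" and e["path"].endswith("/wp-login.php")]
    return sorted(events, key=lambda e: e["ts"])


def flag_attempts(lines, window=timedelta(minutes=5), per_ip_limit=5, distinct_limit=20):
    """Return (noisy_ips, distributed): IPs that reached per_ip_limit POSTs inside one
    window, and whether any window saw at least distinct_limit different source IPs,
    the signature of a botnet spreading its guesses thinly across many hosts."""
    events = login_attempts(lines)
    noisy, distributed = set(), False
    for i, ev in enumerate(events):
        recent = [x for x in events[:i + 1] if x["ts"] > ev["ts"] - window]
        counts = Counter(x["ip"] for x in recent)
        if counts[ev["ip"]] >= per_ip_limit:
            noisy.add(ev["ip"])
        if len(counts) >= distinct_limit:
            distributed = True
    return noisy, distributed


def _line(ip, second, method="POST", path="/wp-login.php"):
    # Constructed log line; 'second' is the offset from 13/Apr/2013 14:00:00 UTC.
    base = datetime(2013, 4, 13, 14, 0, 0, tzinfo=timezone.utc)
    ts = (base + timedelta(seconds=second)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


# Constructed sample: one loud source, a 25-node spread attack, and benign requests to ignore.
SAMPLE_LOG = [_line("198.51.100.7", 10 * k) for k in range(6)]              # 6 POSTs in 1 minute
SAMPLE_LOG += [_line(f"203.0.113.{n}", 300 + 2 * n) for n in range(1, 26)]  # 25 IPs, one guess each
SAMPLE_LOG += [_line("192.0.2.9", 0, method="GET"), _line("192.0.2.9", 5, path="/index.php")]

if __name__ == "__main__":
    print(flag_attempts(SAMPLE_LOG))
```

On the sample the loud IP is reported and the distributed flag is raised even though no botnet node exceeds one attempt; on real logs, feed the noisy set to the firewall and treat the distributed flag as the cue to rate-limit or challenge wp-login.php globally rather than per IP.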
