Jump to content


Photo

Distributed wp-login.php Attack affecting Echo and Boreas, Blocks put in place.


  • Please log in to reply
No replies to this topic

#1 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,900 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 09 May 2014 - 03:03 AM

Hello,

 

Since WordPress is such a large target it seems this sort of attack is going to become more common.  Directions on avoiding becoming a target of this attack can be seen in this thread:

WordPress Brute Force attacks and wp-login.php. If you're running WordPress it's important that you view this topic.

Here you can see the impact on Idle CPU and server load:

2014-05-09_03-59-54.png

 

As you can see this had a major impact on these servers with the load going up to ~70 on one server and ~43 on the other and Idle CPU dropping down to 3~4% on both.  The quick dips in the load after it's risen and the quick rise of Idle CPU to normal are us putting blocks in place only on the accounts that were under attack.

 

  • Only affected accounts had the block put in place.
  • It is fully possible for the webmaster/account holder to modify/remove the block although we suggest only doing so if you plan to somehow protect the wp-login.php
  • Full directions on the block and how to add your IP or remove the block can be seen here: http://forums.mddhos...jasmine/?p=4896

We do not like putting blocks in place or modifying user content [as required to put this block in place] but the Idle CPU and Load Graphs make it clear that action was required.

 

If you have any questions about this at all, let us know.


  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users