“Adsterra”/ “AdsKeeper”/
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Aggressive Brute Force Wordpress Attack

Discussion in 'General Discussions and Lounge' started by gkd_uk, Dec 20, 2017.

  1. gkd_uk

    gkd_uk Well-Known Member affiliate

    4,159
    72
    48
    A massive distributed brute force attack campaign targeting WordPress sites started on the 18th December 2017 at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour.

    The attack campaign was so severe that we had to scale up our logging infrastructure to cope with the volume when it kicked off, which makes it clear that this is the highest volume attack that we have seen in Wordfence history, since 2012.

    The campaign continues to ramp up in volume during the past hour as we publish this post. A graph of the attack volumes is shown below which shows the number of attacks per hour and the number of attacking IPs that we see each hour.

    A possible explanation for this new massive increase in brute force attacks
    On December 5th, a massive database of hacked credentials emerged. It contains over 1.4 billion username/password pairs. Approximately 14% of the database contains credentials that have not been seen before. The database is also searchable and easy to use.


    Historically, brute force attacks targeting WordPress have not been very successful. This new database provides fresh credentials that, when matched with a WordPress username, may provide a higher success rate for attackers targeting sites that do not have any protection.
     
    Last edited by a moderator: Feb 9, 2018
    T J Tutor likes this.
  2. Voluum
  3. azgold

    azgold Administrator Administrator Dojo Master affiliate

    12,758
    8,592
    113
    All I can think of to say is, WOW! And YIKES!
     
  4. viddox

    viddox Affiliate affiliate

    10
    0
    1
    i feel much better since i started using wordfence, my niche sites have been hacked in the past but i always had full site backups so i could be up again within 1hr.
     
  5. Depalase1992

    Depalase1992 Affiliate affiliate

    7
    1
    3
    Yeah, you should use wordfence for defense. This is like the best thing you can do to prevent brut force.
     
MI