# Social Category > The Whistleblower Forum >  Word Press under attack

## Hermes14

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.
They say the people behind the attack are using more than 90 000 IP addresses to crack the administrative credentials of word press.
Although they say these attackers are unknown, it looks like the work of Anonymous.
http://arstechnica.com/security/2013...urce=pulsenews

----------


## Citizen X

Hi Hermes14,

Please tell me, what joy or benefit do these characters derive from what they do? Why do they engage in such activity?

----------


## Hermes14

This definitely looks like the work of anonymous to me.
There can be a thousand & one reasons why they would do something like.
I once asked the same question to a person who had contacts in anonymous & she said because they can.
I know it doesn’t sound like a valid reason but that is the one I got.
I personally believe their reasons are more politically & power orientated.
From what I have heard back in 2003 the FBI managed to infiltrate them by posing as one of them & a few of them got arrested.
Since then they have become more discrete & have been harder to identify.

Imagine if you could control every computer in the world both online & offline how powerful you would be.

http://www.anonyops.com/
http://en.wikipedia.org/wiki/Anonymous_(group)

----------


## AndyD

> Although they say these attackers are unknown, it looks like the work of Anonymous.





> This definitely looks like the work of anonymous to me.


I doubt it, not really their modus operandi, the majority of anon attacks are DDoS and not brute force hacks, they're also more focussed.

----------


## Hermes14

> I doubt it, not really their modus operandi, the majority of anon attacks are DDoS and not brute force hacks, they're also more focussed.


What do you think the motive  for the attack could be?

----------


## AndyD

To be honest I wouldn't have a clue. It's possibly someone with a political/social/religious agenda that has an existing botnet and is tying to expand it but brute force attacks like this are very high profile and as such would receive a lot of unwanted attention so that theory is a long shot. Otherwise it's probably just a traditional hacking group making a name for itself. Never underestimate what can be achieved by a few script-kiddies with laptops and an internet connection in their bedroom.

----------


## HR Solutions

How would this affect some of us that are looking at a guy setting up a word press website ?  And would you know if a wordpress website is any good ??

----------


## solweb

> How would this affect some of us that are looking at a guy setting up a word press website ?  And would you know if a wordpress website is any good ??


Wordpress releases security updates as soon as a problem occurs. Make sure you update as soon as a new version is avail - same for your themes and plugins. Use a reliable host - you have MWEB and Hetzner locally and the one I recommend is HostGator in the US.

Wordpress is still the most popular Contenet Managemnent System availble - very robust but simple to use.

----------


## HR Solutions

Thank you solweb for your input  :Smile:

----------


## Dave A

> What do you think the motive  for the attack could be?


There are so many things you can do when you hack a web domain compared to a pc...

When it comes to sending spam emails, you might pick up a volume or white label advantage when you've compromised a server rather than a pc, but here's an example of the sort of mischief you can get up to with a server or domain hosting account that isn't an option with pc's.

Targetting Wordpress sites makes a lot of sense because there's a much higher chance the real user is less tech savvy than those using more complex scripts, and accordingly is less likely to spot their domain has been compromised.

----------


## AndyD

I actually wondered if this could be linked to the spamhaus attack that's been going on and I agree that hitting Wordpress servers would have a higher sucess rate that most.

----------


## Mitos

The info I read up on this is that WordPress sites with the "Admin" user login name selected is most likely to be hit!

----------


## solweb

> The info I read up on this is that WordPress sites with the "Admin" user login name selected is most likely to be hit!


Using Admin as the user name already makes your friendly neighbourhood hacker's job easier - now he only has to figure out the password - like "God" or "1234"

Use a Password Manager to generate passwords http://www.keepassx.org/ and use differant user names for differant projects

----------


## Hermes14

Is there a way to block anyone using an anonymizer for visiting your site?

----------


## Dave A

Yeah - with IP blocking. The trouble is any IP list of non-transparent proxies will get out of date in no time (and abusers of anonymous browsing are on the bleeding edge, of course).

What platform are you using?
Why do you want to block them? (ie what nuisance are they causing?)

Knowing that might jut help me make a more useful suggestion. There are many ways to skin a cat.

----------


## Mark Atkinson

Here you go guys:

http://www.sitepoint.com/wordpress-security/

Enjoy.  :Smile:

----------

Dave A (22-Apr-13)

----------


## sterne.law@gmail.com

Cyberwarfare is the new threat. New may not be quite the correct word, it dates some years.
 Countries have established cyber war agencies. The threat is a foreign (readcenemy) state debilitating a countries  infra structure, be it banking, government domains etc, etc

----------

