Skip to main content
  1. Home
  2. Computing
  3. News

With 20,000 sites swallowed up, a botnet is eating WordPress alive

By
Image used with permission by copyright holder

Hackers controlling a “botnet” of over 20,000 infected WordPress sites are attacking other WordPress sites, according to a report from The Defiant Threat Intelligence team. The botnets attempted to generate up to five million malicious WordPress logins within the past thirty days.

Per the report, the hackers behind this attack are using four command and control servers to send requests to over 14,000 proxy servers from a Russian provider. Those proxies are then used to anonymize traffic and send instructions and a script to the infected WordPress “slave” sites concerning which of the other WordPress sites to eventually target. The servers behind the attack are still online, and primarily target the XML-RPC interface of WordPress to try out a combination of usernames and passwords for admin logins.

Recommended Videos

“The wordlists associated with this campaign contain small sets of very common passwords. However, the script includes functionality to dynamically generate appropriate passwords based on common patterns … While this tactic is unlikely to succeed on any one given site, it can be very effective when used at scale across a large number of targets,” explains The Defiant Threat Intelligence team.

Please enable Javascript to view this content

Attacks on the XML-RPC interface aren’t new and date back to 2015. If you’re concerned that your WordPress account might be impacted by this attack, The Defiant Threat Intelligence team reports that it is best to enable restrictions and lockouts for failed logins. You also can consider using WordPress plugins which protect against brute force attacks, such as the Wordfence plugin.

Related

The Defiant Threat Intelligence team has shared information on the attacks with law enforcement authorities. Unfortunately, ZDNet reports that the four command and control servers can’t be taken offline because they are hosted on a provider that doesn’t honor takedown requests. Still, researchers will be contacting hosting providers identified with the infected slave sites to try and limit the scope of the attack.

Some data has been omitted from the original report on this attack because it can be exploited by others. The use of the proxies also makes it hard to find the location of the attacks, but the attacker made mistakes which allowed researchers to access the interface of the command and control servers behind the attack. All of this information is being deemed as “a great deal of valuable data” for investigators.

Editors’ Recommendations

Topics
Arif Bacchus
Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Prepare your wallet — this RTX 5090 PC costs over $6,000
Acer Predator Orion 7000 sitting on a table.

It's safe to say that no one expects Nvidia's best graphics cards to be cheap, but wow, these leaked listings are something else. Otto.de, a German retailer, briefly listed two Acer Predator Orion gaming PCs equipped with the RTX 5090 and the RTX 5080, and the prices are pretty crazy. The PC that comes with the RTX 5090 was priced at 5,999 euros, or around $6,240.

These listings were taken down shortly after they appeared, but VideoCardz snapped some screenshots before it was too late. Both seem to be newer versions of the Acer Predator Orion, and are equipped with Nvidia's upcoming RTX 50-series graphics cards and Intel's Core Ultra 200 series CPUs.

Read more
Intel’s promised Arrow Lake autopsy details up to 30% loss in performance
The Core Ultra 9 285K socketed into a motherboard.

Intel's Arrow Lake CPUs didn't make it on our list of the best processors when they released earlier this year. As you can read in our Core Ultra 9 285K review, Intel's latest desktop offering struggled to keep pace with last-gen options, particularly in games, and showed strange behavior in apps like Premiere Pro. Now, Intel says it has fixed the issues with its Arrow Lake range, which accounted for up to a 30% loss in real-world performance compared to Intel's in-house testing.

The company identified five issues with the performance of Arrow Lake, four of which are resolved now. The latest BIOS and Windows Updates (more details on those later in this story) will restore Arrow Lake processors to their expected level of performance, according to Intel, while a new firmware will offer additional performance improvements. That firmware is expected to release in January, pushing beyond the baseline level of performance Intel expected out of Arrow Lake.

Read more
You can get this 40-inch LG UltraWide 5K monitor at $560 off if you hurry
A woman using the LG UltraWide 40WP95C-W 5K monitor.

If you need a screen to go with the upgrade that you made with desktop computer deals, and you're willing to spend for a top-of-the-line display, then you may want to set your sights on the LG 40WP95C-W UltraWide curved 5K monitor. From its original price of $1,800, you can get it for $1,240 from Walmart for huge savings of $560, or for $1,275 from Amazon for a $525 discount. You should complete your purchase quickly if you're interested though, as there's no telling when the offers for this monitor will expire.

Why you should buy the LG 40WP95C-W UltraWide curved 5K monitor
5K monitors are highly recommended for serious creative professionals, such as graphic designers and filmmakers, for their extremely sharp details and precise colors, and the LG 40WP95C-W UltraWide curved 5K monitor is an excellent choice. We've tagged it as the best ultrawide 5K monitor in our roundup of the best 5K monitors, with its huge 40-inch curved screen featuring 5120 x 2160 resolution, 98% coverage of the DCI-P3 spectrum, and support for HDR10 providing striking visuals that you won't enjoy from most of the other options in the market.

Read more