Apr 16, 2013

WordPress Blogs Attacked: What You Need to Know

Reports of an attack against WordPress and Joomla sites spread through the tech community this weekend, as a large botnet launched brute-force, dictionary-based login attempts on user accounts. According to researchers at hosting companies like CloudFlare and HostGator, some 90,000 IP addresses were involved in the latest series of attacks, leading them to speculate that the overarching goal is to expand the botnet of infected computers to potentially create a super botnet. With some 18% of websites running WordPress, the potential scale is enormous.

Although the attack is no longer breaking news, we wanted to alert LastPass users and clarify what you should know:
  • The attack is focusing on common account usernames - admin, test, administrator, Admin, root - and is systematically testing common passwords to break into accounts with those usernames. The top five passwords attempted in the hack are "admin," "123456," "111111," "666666," and "12345678."
  • The goal is not a data dump of user accounts - this is a large-scale attack that aims to take over a user's machine, using the server as a stepping stone in order to add it to the botnet's arsenal. A network of compromised machines can wreak havoc in a distributed denial-of-service (DDoS) attack.
  • If you are a WordPress user using CloudFlare, you are protected from the latest attack, according to their blog post.
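Detection logic for the pattern described above, as an added example that is not part of the original post: it scans constructed access-log lines for failed POSTs to the WordPress login page and flags both a single noisy source and a burst of distinct IPs within one minute, the signature of a distributed botnet that per-IP lockouts never see. The path /wp-login.php and the 200-on-failure / 302-on-success behaviour are assumptions about a stock WordPress install, not facts stated in the post.

```python
"""Spot a distributed login brute force against WordPress in access logs.
Added example; log lines are constructed, /wp-login.php and the
200 (failure) / 302 (success) status codes are assumptions."""
import re
from collections import Counter, defaultdict

# Usernames and passwords the post reports the botnet is trying.
TARGETED_USERNAMES = {"admin", "test", "administrator", "Admin", "root"}
TOP_PASSWORDS = {"admin", "123456", "111111", "666666", "12345678"}

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = """\
203.0.113.5 - - [15/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3311
203.0.113.5 - - [15/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3311
203.0.113.5 - - [15/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3311
198.51.100.7 - - [15/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3311
198.51.100.8 - - [15/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3311
192.0.2.44 - - [15/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

def failed_logins(log_text, login_path="/wp-login.php"):
    """Yield (minute_bucket, ip) for each failed login POST (200 re-renders the form)."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue
        if m["status"] == "200":
            yield m["ts"][:17], m["ip"]  # "15/Apr/2013:10:00" is a one-minute bucket

def analyse(log_text, per_ip_limit=3, distinct_ip_limit=3):
    """Return noisy single sources and minutes that look like a distributed campaign.
    A lone attacker trips per_ip_limit; a botnet spreading a few tries over many
    IPs trips distinct_ip_limit instead, which a per-IP lockout would miss."""
    per_ip = Counter()
    ips_per_minute = defaultdict(set)
    for minute, ip in failed_logins(log_text):
        per_ip[ip] += 1
        ips_per_minute[minute].add(ip)
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    distributed_minutes = sorted(m for m, ips in ips_per_minute.items() if len(ips) >= distinct_ip_limit)
    return {"noisy_ips": noisy_ips, "distributed_minutes": distributed_minutes}

def is_targeted_credential(username, password):
    """True when the pair is one the campaign is reported to be guessing."""
    return username in TARGETED_USERNAMES and password in TOP_PASSWORDS
```

Running `analyse(SAMPLE_LOG)` flags 203.0.113.5 as a noisy source and the 10:00 minute as distributed, while the successful 302 from 192.0.2.44 is the login a defender should go and verify.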
The best steps LastPass users can take at this time:
We'll update our users if any further action should be taken. As always, be vigilant and protect your most important accounts.