Huge attack on WordPress sites could spawn never-before-seen super botnet

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a "botnet" of infected computers that's vastly stronger and more destructive than those available today. That's because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

"These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic," Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.


Web Hosts Blocking Access to WordPress Login Page

We have had a number of people contact us about having issues gaining access to the login page in WordPress recently and we wanted to pass along information that affected websites should be getting told by their web hosts as well by now. There has recently been a massive attempt to brute force the login for WordPress based websites. Hostgator describes it as being a highly-distributed and global attack. While hackers have for years been attempting to gain access to websites that use weak passwords, whether using WordPress or a variety of other software, the big issue here is that the massive number of attempts is causing high load on servers, and that has caused web hosts to block access to the WordPress login page while attempting to deal with this. If your website is hosted on a server shared with websites being targeted, it can impact your websites even if you are not targeted.

Hostgator has reported seeing over “90,000 IP addresses involved in this attack”, which means that a web host cannot simply block a few IP addresses to stop the attempts. That also provides a reminder that limiting login attempts by blocking IP addresses after several failed attempts has a serious limitation as a security feature when a massive number of IP addresses are available for an attack.

While security of the login process can be improved by restricting login access to certain IP addresses or using multi-factor authentication, websites can prevent an un-targeted login attack by making sure only strong passwords are used.
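The limitation of per-IP login limiting described above can be seen by counting failed logins two ways over the same events. This is an added example, not code from the original post or from any web host; the events are constructed, and the thresholds and field names are assumptions.

```python
from collections import defaultdict, deque


def flagged_keys(events, key, threshold, window_s):
    """Return the values of `key` whose failed-login count reaches `threshold`
    inside any sliding window of `window_s` seconds (events are time-ordered)."""
    recent = defaultdict(deque)
    flagged = set()
    for ev in events:
        q = recent[ev[key]]
        q.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while q[0] <= ev["ts"] - window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ev[key])
    return flagged


def distinct_sources(events, user):
    """Number of different source addresses that failed a login for `user`."""
    return len({ev["ip"] for ev in events if ev["user"] == user})


def constructed_events():
    """Constructed sample, not real traffic: 300 addresses each send two failed
    'admin' logins, and one real user mistypes a password once."""
    events = []
    for i in range(300):
        ip = f"10.0.{i // 250}.{i % 250 + 1}"
        events.append({"ts": 2 * i, "ip": ip, "user": "admin"})
        events.append({"ts": 2 * i + 1, "ip": ip, "user": "admin"})
    events.append({"ts": 50, "ip": "192.0.2.10", "user": "editor"})
    events.sort(key=lambda ev: ev["ts"])
    return events


EVENTS = constructed_events()
# Assumed per-IP rule: block an address after 5 failures in 10 minutes.
BLOCKED_IPS = flagged_keys(EVENTS, "ip", threshold=5, window_s=600)
# Assumed per-account rule: alert after 20 failures for one username in 10 minutes.
TARGETED_USERS = flagged_keys(EVENTS, "user", threshold=20, window_s=600)

if __name__ == "__main__":
    print("IPs blocked by per-IP rule:", len(BLOCKED_IPS))
    print("Accounts flagged by per-account rule:", sorted(TARGETED_USERS))
    print("Distinct sources hitting admin:", distinct_sources(EVENTS, "admin"))
```

With each address staying under the per-IP threshold, no address is blocked, while the count keyed on the targeted username flags the account and shows how many sources are involved.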

Kaspersky Lab’s US Website Running Outdated and Insecure Version of Drupal

When it comes to internet security, one of the most basic steps is keeping your software up to date. In a sign of how poor the state of internet security is, even security companies are not taking such a basic step. The US website of Kaspersky Lab, which the New York Times has described as “Europe’s largest antivirus company”, is running a very out of date version of Drupal:

Kaspersky Lab US Website is Running Drupal 6.19

Kaspersky Lab has failed to update the software for over two years; the next version, Drupal 6.20, was released back in December of 2010, and they have missed the last 4 security updates. Updating between versions of Drupal 6 is relatively easy, so there isn’t any excuse for a tech company not being able to keep it up to date.

Kaspersky Lab is not alone in this; last year we posted about Panda Security’s failure to update software running their websites even after some of their websites had been hacked.

You can check if Drupal websites you visit are keeping the software up to date with our Drupal Version check extension for Chrome and Firefox.

Microsoft tells Windows 7 users to uninstall faulty security update (Updated)

Microsoft has pulled a Windows 7 security update released as part of this month's Patch Tuesday after discovering it caused some machines to become unbootable.

Update 2823324, which was included in the MS13-036 bulletin, fixed a "moderate-level vulnerability" that requires an attacker to have physical computer access to be able to exploit a targeted computer, Dustin Childs, a group manager in the Microsoft Trustworthy Computing group, wrote in a blog post published Thursday evening. The company has now pulled it from the bulletin and is advising at least some Windows users who have installed it to uninstall the update following the guidance here. MS13-036 was one of nine bulletins released on Monday to fix 13 separate vulnerabilities.

"We’ve determined that the update, when paired with certain third-party software, can cause system errors," Childs wrote. "As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center."
