WP Bloggers Alert

April 17, 2013 at 3:00 pm | Posted in Computers, Internet, Online services, Security, Software, Web Apps

There’s a new botnet that is infecting WordPress-based blogs and web sites and then using them to infect others. The botnet can then be used to attack other web sites in denial of service attacks, etc. Because web servers are always up, they make a more useful botnet than virus-infected home PCs.

Think it’s minor? Over 90,000 IPs are already involved. Evidently, symptoms of an infection include slow performance and the inability to log into the WordPress account. Infected sites may also go off-line for a short time.

WordPress itself is not to blame. As with webmail accounts being hijacked, the issue is poor passwords. Apparently it’s still common to use “admin” or other simple passwords. Brute force password-trial attacks can discover easy passwords in seconds. You need a strong site admin password for your web site – even if it’s not WP based. Do you want to be infecting visiting customers? Or have their AV block them from your site? Friends have had these problems.
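One way a site owner can spot this kind of password guessing in a web server access log, as an added example that is not part of the original post. The log lines are constructed, the thresholds are arbitrary, and it assumes WordPress's default behaviour of answering a failed login POST to /wp-login.php with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: six failed logins from six addresses in one minute,
# one successful login in that same minute, and a lone mistyped password later.
SAMPLE_LOG = [
    f'192.0.2.{i} - - [17/Apr/2013:15:00:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3421'
    for i in range(1, 7)
] + [
    '198.51.100.7 - - [17/Apr/2013:15:00:30 +0000] "GET / HTTP/1.1" 200 9120',
    '203.0.113.50 - - [17/Apr/2013:15:00:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [17/Apr/2013:15:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
]

def find_login_bursts(lines, min_attempts=5, min_sources=3):
    """Return one-minute windows with many failed logins spread over many IPs."""
    windows = defaultdict(lambda: {"failed": 0, "ips": set(), "ok": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        w = windows[ts.strftime("%Y-%m-%d %H:%M")]
        if m["status"] == "200":    # login form shown again: attempt failed
            w["failed"] += 1
            w["ips"].add(m["ip"])
        elif m["status"] == "302":  # redirect to dashboard: login succeeded
            w["ok"].add(m["ip"])
    alerts = []
    for minute in sorted(windows):
        w = windows[minute]
        # Per-IP counts stay low when guesses are spread across a botnet,
        # so alert on the total volume together with the number of sources.
        if w["failed"] >= min_attempts and len(w["ips"]) >= min_sources:
            alerts.append({"minute": minute, "failed": w["failed"],
                           "sources": len(w["ips"]),
                           "logins_during_burst": sorted(w["ok"])})
    return alerts

if __name__ == "__main__":
    for alert in find_login_bursts(SAMPLE_LOG):
        print(alert)
```

Any address listed under `logins_during_burst` is worth checking first: a successful login in the middle of a guessing burst may mean a password was found, and that account should have its password changed.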

Hopefully, server-based anti-virus will be developed to reduce the issue. Some web hosts don’t provide web site anti-virus though. That’s how the virus problem spread in the first place.

Even if you don’t care about your own site, please do others the courtesy of not becoming a vector to attack them.

I talked about good password techniques here

It can be a hassle to remember hard-to-guess passwords, so a Password Manager can be very handy. I talked about my fav – LastPass – here.
Safe surfing!
David
