WP Bloggers AlertApril 17, 2013 at 3:00 pm | Posted in Computers, Internet, Online services, Security, Software, Web Apps | Leave a comment
There’s a new botnet that is infecting WordPress-based blogs and web sites and then using them to infect others. The botnet can then be used to attack other web sites in denial of service attacks, etc. Because web servers are always up, it’s superior to virus-infected home PC’s.
Think it’s minor? Over 90,000 IP’s are already involved. Evidently, symptoms of an infection include slow performance and the inability to log into the WordPress account. They may also go off-line for a short time.
WordPress itself is not to blame. As with webmail accounts being hijacked, the issue is poor passwords. Apparently its still common to use “admin” or other simple passwords. Brute force password-trial attacks can discover easy passwords in seconds. You need a strong site admin password for your web site – even if it’s not WP based. Do you want to be infecting visiting customers? Or have their AV block them from your site? Friends have had these problems.
Hopefully, server-based anti-virus will be developed to reduce the issue. Some web hosts don’t provide web site anti-virus though. That’s how the virus problem spread in the first place.
Even if you don’t care about your own site, please do others the courtesy of not becoming a vector to attack them.
I talked about good password techniques here