Friday, April 04, 2014
WordPress seems to be targeted by hacker toolkits on the underground market (Webroot Threat blog story)
Webroot’s Threat Blog has an article giving details about toolkits on the market aimed at attacking WordPress platforms, which are often domains that offer a blog as the entry page and link to other pages across the top banner. The link to the article by Dancho Danchev is here.
It’s remarkable how varied the tools are, and that the “rootkit vendors” accept payment only from PayPal or Bitcoin.
WordPress has an article called “Hardening WordPress”, which recommends measures that require considerable technical knowledge from administrators (usually of scripting and Linux or Unix). If you pay for a service from a reputable hosting company, most of these measures are probably being carried out (especially the WordPress version and plugin updates) automatically by the host on its servers. I haven’t seen anybody put in two-step verification except Google (which still doesn’t work if your cell phone is snatched on the street). If you notice really unusual volumes of page requests for your admin page, that could mean someone is trying to hack and crack the password.
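One way to watch for the unusual volume of admin-page requests mentioned above, as an added example that is not from the original post, Webroot or WordPress: it counts requests to `/wp-login.php` and `/wp-admin` per client IP in a sliding window over a web server access log. The Combined Log Format, the 5-minute window, the threshold of 20 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
ADMIN_PATHS = ("/wp-login.php", "/wp-admin")  # WordPress login and admin area

def parse(line):
    """Return (ip, timestamp) for requests to the admin pages, else None."""
    m = LINE_RE.match(line)
    if not m or not m["path"].split("?", 1)[0].startswith(ADMIN_PATHS):
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def admin_bursts(lines, window=timedelta(minutes=5), threshold=20):
    """Map each client IP to its peak admin-page request count in any
    sliding window, keeping only IPs that reach the (assumed) threshold."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            hits[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop hits older than window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    base = datetime(2014, 4, 4, 10, 0, 0, tzinfo=timezone.utc)
    def row(ip, secs, req, status):
        ts = (base + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{req} HTTP/1.1" {status} 512 "-" "-"'
    rows = [row("203.0.113.7", 2 * i, "POST /wp-login.php", 200) for i in range(30)]
    rows += [row("198.51.100.4", 3600 * i, "GET /wp-admin/", 302) for i in range(3)]
    rows += [row("192.0.2.10", i, "GET /index.php?p=5", 200) for i in range(40)]
    return rows

if __name__ == "__main__":
    for ip, peak in admin_bursts(sample_log()).items():
        print(f"{ip}: {peak} admin-page requests within 5 minutes")
```

The owner's own occasional visits to the admin area and ordinary page views stay below the threshold; only the sustained burst against the login page is reported.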
It’s not so clear from the article whether the hack attacks and DDoS attacks are directed at the WordPress sites, or are more about using the sites as zombies to attack higher-profile sites like governments and banks with DDoS. But Sucuri will check to see if your site is being used to attack others (detail here). It’s not clear that a site would be taken down because it had been used this way, unbeknownst to the owner. There may be language about this buried deep in the TOS of hosting agreements, but the danger is probably greater for parties that do all their own hosting.