Beware! New WordPress Distributed Admin Account Cracker

WordPress distributed admin account cracking

The Internet Storm Center (ISC) has reported a new ‘distributed WordPress admin account cracker’: a coordinated, large-scale attempt to guess the admin passwords of WordPress blogs.

The script is written in PHP and brute-forces WordPress admin accounts: it submits password guesses to a blog’s login page and checks whether each one succeeds.

The wp_brute_attempt() function takes three parameters: $ch, a cURL handle (the script uses PHP’s cURL extension to send its HTTP requests), plus the site and the password to try. If the login succeeds, the page returned by the server contains the phrase “Log Out”, and the function returns true.

Plainly put, the script supports distributed cracking. A central MySQL database holds the state, and every copy of the script installed on the participating machines connects to it. The attacker can therefore run many instances at the same time, each of which takes a batch of 200 URLs to work on.

Each instance then takes every password from its password list and tries it against each site in its batch. Because progress is kept in the database, the script can be stopped and will resume where it left off the next time it is run.
</gre_replace>
<gr_replace lines="15" cat="clarify" orig="While this">
While this particular version is relatively simple, the MySQL back end gives the attacker the means to distribute the work not only by target site but also by password, which spreads the attempts against any one blog across many source addresses.

While this particular version is relatively simple, the power behind the script and the MySQL database allows the attacker to distribute the attacks not only by sites, but also by passwords tried as well.
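As an added example (not part of the ISC report or of the cracker itself), the following Python script shows what this pattern looks like in a web server’s access log and how to pick it out. It parses combined-format log lines, keeps only POSTs to wp-login.php, and flags both a single noisy source that a per-IP lockout would catch and the distributed case where many sources each send only a handful of guesses. The log lines are constructed for the example; the status-code mapping assumes WordPress’s usual behaviour of re-rendering the login form with HTTP 200 on a failed login and redirecting (HTTP 302) into wp-admin on success, and the thresholds are illustrative, not tuned values.

```python
import json
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log line, e.g. (constructed sample):
#   198.51.100.7 - - [10/Apr/2013:14:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields we need from one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def login_posts(lines):
    """Only POSTs to wp-login.php matter. Assumption: a failed login re-renders the
    form (HTTP 200) and a successful one redirects into wp-admin (HTTP 302)."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith("/wp-login.php"):
            yield rec


def analyze(lines, window=timedelta(minutes=10), per_ip_lockout=5, distributed_threshold=20):
    """Bucket failed login POSTs into fixed time windows and report:
    - single_ip: sources that would trip a per-IP lockout (>= per_ip_lockout failures);
    - distributed: windows with many failures in total while every source stays
      below the lockout threshold, i.e. the signature of a distributed cracker;
    - suspicious_success: a 302 from a source that failed earlier in the same window."""
    win_s = window.total_seconds()
    failures = defaultdict(list)   # window number -> failed POST records
    successes = []
    for rec in login_posts(lines):
        bucket = int(rec["ts"].timestamp() // win_s)
        if rec["status"] == 200:
            failures[bucket].append(rec)
        elif rec["status"] in (301, 302):
            successes.append((bucket, rec))

    report = {"single_ip": [], "distributed": [], "suspicious_success": []}
    for bucket, recs in sorted(failures.items()):
        per_ip = Counter(r["ip"] for r in recs)
        for ip, n in per_ip.items():
            if n >= per_ip_lockout:
                report["single_ip"].append({"ip": ip, "failures": n})
        if len(recs) >= distributed_threshold and max(per_ip.values()) < per_ip_lockout:
            report["distributed"].append({
                "window_start": datetime.fromtimestamp(bucket * win_s, tz=timezone.utc).isoformat(),
                "failures": len(recs),
                "distinct_ips": len(per_ip),
            })
    for bucket, rec in successes:
        if rec["ip"] in {r["ip"] for r in failures.get(bucket, [])}:
            report["suspicious_success"].append({"ip": rec["ip"], "at": rec["ts"].isoformat()})
    return report


def _line(ip, hhmmss, status):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [10/Apr/2013:{hhmmss} +0000] "POST /wp-login.php HTTP/1.1" '
            f'{status} 3421 "-" "Mozilla/5.0"')


# Constructed sample log (not real traffic):
SAMPLE_LOG = (
    # 12 nodes, two guesses each, inside one 10-minute window: 24 failures in total,
    # but no single IP ever reaches a per-IP lockout threshold of 5.
    [_line(f"203.0.113.{n}", f"14:0{n % 10}:{10 + n:02d}", 200) for n in range(1, 13) for _ in range(2)]
    # one node then hits a correct password and is redirected into wp-admin
    + [_line("203.0.113.4", "14:09:59", 302)]
    # a noisy single source in a later window, the case a per-IP lockout handles well
    + [_line("198.51.100.7", f"15:3{k}:00", 200) for k in range(6)]
    # unrelated traffic: a GET of the login form and a non-login POST
    + ['192.0.2.1 - - [10/Apr/2013:15:31:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2901 "-" "Mozilla/5.0"',
       '192.0.2.2 - - [10/Apr/2013:15:31:06 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"']
)

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

The point of the two thresholds is that a per-IP lockout alone never fires on the first window of the sample: the aggregate failure count per target, and a success arriving from an address that was guessing moments earlier, are what give the distributed attack away. An access log cannot tell which username was tried, so per-account alerting needs WordPress-level logging in addition to this.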

What can you do to protect your blog?

If you run WordPress, your blog is a potential target for this kind of attack. The following steps reduce the risk:

  1. Change your admin username to something other than ‘admin’, since that is the account name the cracker counts on.
  2. Use a strong password: instead of a simple word, use a long mix of letters and digits that also includes special characters such as #$%^&*.
  3. Use a WordPress security plugin such as ‘Login Lockdown’, which locks out a source address after repeated failed logins. Note that a distributed cracker spreads its attempts across many addresses, so a per-IP lockout alone slows it down but does not stop it.
  4. Use the ‘Bad Behavior’ plugin for WordPress; according to the report, ‘Bad Behavior’ has been tested against this script and can block its access attempts to your blog.

Have any questions? Feel free to ask through comments section.
