wp-login.php DDOS Attack (In Progress)
Over the past 24 hours there has been a widespread DDOS campaign targeting the popular CMS script WordPress, in particular the file used to log into the admin area of the script; wp-login.php. Large numbers of IP addresses from across the world have been attacking any files they can find, resulting in massive issues for web hosts and the stability of web servers.
The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. It’s being reported in fairly dramatic terms, with the New York Times and BBC talking about the internet getting jammed or slowed down.
So what’s actually going on? Here’s a rundown of some key points:
A what attack?
DDoS attacks, as the “distributed” part suggests, involve large numbers of computers bombarding a target system with traffic, with the idea being to stop that system from functioning. A bunch of South Korean banks and broadcasters got temporarily crippled by such an attack a week ago, for example.
In addition the attacks are now being used by a “Map” of the WordPress community to attack and break into anyone with admin as their user name… one of the largest attacks ever and has resulted in many isps shutting down any access to your word press installation .
How you may have inadvertently participated in recent DDoS attacks
The botnets driving the recent distributed denial of service attacks are powered by millions of infected computers. Their coordinated flood of requests overwhelms the Internet’s DNS servers, slowing them down and even knocking the servers offline. The long-term solution for site operators and visitors alike may rely on reluctant ISPs working together.
find out how you can protect your site and computer