A botnet, made up of at least 90,000 hacked computers, has launched a large worldwide attack on websites running the WordPress content management system across a number of hosting companies.
Ars Technica reports the attack involves a brute-force effort to crack the passwords of sites running WordPress across a number of major web hosting providers.
“This attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data,” states web hosting company ResellerClub.
There are early indications that hackers are installing malicious scripts on servers hosting WordPress sites compromised in the attack, and that those servers are, in turn, being used to hack other websites.
“These [servers] can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” states Matthew Prince, the chief executive of web hosting company CloudFlare.
SMEs using WordPress are urged to update their passwords and ensure they use strong passwords for their websites.