Tag Archives: ddos

WordPress Blogs Under Massive Attack

wordpress items
Just in case, you won’t be able to access our blog in the future, know that it is not our own making.

If such a case will ever happen, just use other DNS extensions, e.g. eclinik.co, eclinik.net, eclinik.org. We will try to go back online whenever possible.

Jean’s website was attacked recently after she posted Neil Keenan’s/ Michael Dunn’s article re OPPT-Cabal connection.

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

“These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.

It’s not the first time researchers have raised the specter of a super botnet with potentially dire consequences for the Internet. In October, they revealed that highly debilitating DDoS attacks on six of the biggest US banks used compromised Web servers to flood their targets with above-average amounts of Internet traffic. The botnet came to be known as the itsoknoproblembro or Brobot, names that came from a relatively new attack tool kit some of the infected machines ran. If typical botnets used in DDoS attacks were the network equivalent of tens of thousands of garden hoses trained on a target, the Brobot machines were akin to hundreds of fire hoses. Despite their smaller number, they were nonetheless able to inflict more damage because of their bigger capacity.

There’s already evidence that some of the commandeered WordPress websites are being abused in a similar fashion. A blog post published Friday by someone from Web host ResellerClub said the company’s systems running that platform are also under an “ongoing and highly distributed global attack.”

“To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers,” the blog post reported. “We did a detailed analysis of the attack pattern and found out that most of the attack was originating from [content management systems] (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories.”

The blog post continued:

“Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data.”

According to CloudFlare’s Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username “admin” and 1,000 or so common passwords. He said the attacks are coming from tens of thousands of unique IP addresses, an assessment that squares with the finding of more than 90,000 IP addresses hitting WordPress machines hosted by HostGator.

“At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website the company’s Sean Valant wrote. “These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including ‘special’ characters (^%$#@*).”

Operators of WordPress sites can take other measures too, including installing plugins such as this one and this one, which close some of the holes most frequently exploited in these types of attacks. Beyond that, operators can sign up for a free plan from CloudFlare that automatically blocks login attempts that bear the signature of the brute-force attack.

Already, HostGator has indicated that the strain of this mass attack is causing huge strains on websites, which come to a crawl or go down altogether. There are also indications that once a WordPress installation is infected it’s equipped with a backdoor so that attackers can maintain control even after the compromised administrative credentials have been changed. In some respects, the WordPress attacks resemble the mass compromise of machines running the Apache Web server, which Ars chronicled 10 days ago.

With so much at stake, readers who run WordPress sites are strongly advised to lock down their servers immediately. The effort may not only protect the security of the individual site. It could help safeguard the Internet as a whole.

Drake | April 13, 2013 at 9:58 pm | Categories: News | URL: http://wp.me/p2tRr3-Pu


One of the significant sources of funds for the Cabal is the healthcare industry which registered a whopping $2.7 trillion in 2011, and is projected to soar to $3.6 trillion in 2016, in the US alone. We believe that this is just a conservative figure.

You can join the fight against the Dark Cabal and accelerate its demise just by boycotting Big Pharma. You can effectively do this by downloading “Towards Healthcare Emancipation“, a fully illustrated do-it-yourself instructional eBook that will help you in implementing all eClinik methods that would negate the use of expensive medicine, avoid radioactive diagnostics and treatments in completely defeating cancer, AIDS and all other parasitic diseases. These methods, when faithfully followed, work 100% all the time. Find out more about this here.

We are very grateful to the following for the love and support they’ve given us for the period between March 26th and April 2013:

OHSIC PL, $30
Peggy P, $20
Matthew W, $35
Pamela F, $100
David M, $30
Monika ME, $30
Levi H, $20
Rhoda D, $20
Rick G, $50
Keith H, $75

Howard K, $5
Geoffrey D, $10
Mike R, $20
Clayton F, $5
Sheryl C, $25
Russ M, $20
Steven K, $20
Joyce D, $10
Chris A, $5

AHC, $50
Rodrigo B, $5
Linda H, $6
Terry B, $5
Chris A, $1
Kipp S, $10
Wendell I, $12
Edgar R, $10

Mabuhay!

Health & Medicine - Top Blogs Philippines

US, UK Gov’t Websites Downed by Anonymous

Update 4/16/2012, 8:21Pm GMT+8:

More US and UK government websites have fallen prey to DDoS attacks by the hacktivist group Anonymous. The victims now include the US Department of Justice, CIA and two MI6 sites.

The group claimed responsibility on their Facebook page, saying: “its [sic] all of us together. We are the “little people”, the hungry, the poor, the “manipulated”, and yet for all their power and might, these “little people” brought their pride down.”

Earlier, Brazilian hacker group Anonymous member Havittaja claimed responsibility for DDoS attacks on the US Department of Justice and CIA websites.

On his Twitter microblog he posted that the CIA site was offline for an hour and a half. He said it was done for the “lulz”, referring to the popular online abbreviation “for laughs.”

The rest of the group joined in to finish what their “Brazilian brother started”, AntiS3curityOPS wrote on their Facebook wall.

­

source »

As of 4/16/2012 GMT+8, 12:56PM: CIA.gov is subjected to DDOS attack.

The information came from the official OWS Twitter account. The site indeed appears to be down, however, there has been no information whether it is due to a hacker attack. The report cannot be verified at this time.

­Previously, US Central Intelligence Agency site has been taken down by Anonymous hacktivist group in February. The attack was directed against US law enforcement agencies and copyright holders.

­DETAILS TO FOLLOW

source »

To some, DDOSing  or distributed denial-of-service, is not an effective tool for knocking down an agency of the government or the government itself. But, that is not the point. The purpose of this exercise is to demonstrate what can be done collectively. This is an exploration of the possibilities when two or more people decide to do something. Anything.

As opposed to outright hacking, DDOSing enjoys some form of legitimacy due to its inherent collective nature, i.e. it can only be successful when enough servers are requesting for the same web address of its intended target. Their favorite tool in this case is LOIC, or Low Orbit Ion Cannon.

When the critical mass is achieved, the next stop would be a physical action. That’s when the final objective is achieved.

ARVE Error: need id and provider

One of the significant sources of funds for the Cabal is the healthcare industry which registered a whopping $2.7 trillion in 2011, and are projected to soar to $3.6 trillion in 2016, in the US alone. We believe that this is just a conservative figure.

You can join the fight against the Dark Cabal and accelerate its demise just by boycotting Big Pharma. You can effectively do this by downloading “Towards Healthcare Emancipation“, a fully illustrated do-it-yourself instructional eBook that will help you in implementing all eClinik methods that would negate the use of expensive medicine, avoid radioactive diagnostics and treatments in completely defeating cancer, AIDS and all other parasitic diseases. These methods, when faithfully followed, work 100% all the time. Find out more about this here.

Health & Medicine - Top Blogs Philippines