Blog-Blog Wordpress Sedang Banjir Serangan

Ini saya baca-baca dari beberapa blog Luar, kayak Cloudflare, Incapsula, HostGator, dsb.

Jadi saya copas pendek-pendek agar nggak kepanjangan juga yach.

---Pertama---
Protecting Against WordPress Brute-Force Attacks
April 11, 2013 by Tony Perez
It was not long ago that I was sitting on a call with other members of the WordPress community in which we were talking abou brute-force.

---Kedua---
April 11, 2013
There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.

---Ketiga---
April 10, 2013
Over the past day or so I’ve seen close to 1,000 brute force login attempts at my own WordPress sites originating from botnets. Other sites are being hit even harder.

---Keempat---
Global WordPress Brute Force Flood
April 11th, 2013

As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.

At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).

You have now changed your WordPress password, correct? Good.

The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.
Selengkapnya: http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/

 

wordpress.org or wordpress

wordpress.org or wordpress.com?

 

Yg jadi target serangan

Yg jadi target serangan adalah blog2 dng basis wordpress.org yg self hosting.

 

Untung ngga pakai WP, kalau

Untung ngga pakai WP, kalau saya biasanya pakai Drupal, Blogger dan Tumblr.

 

blog saya yang menggunakan WP

blog saya yang menggunakan WP masih aman" saja

 

saya baru menggunakan Blogger

saya baru menggunakan Blogger , untung saja tidak pakai WP

 

Oh, kirain blog gratisnya

Oh, kirain blog gratisnya Wordpress.com. Saya hampir ketakutan karena kan saya pengguna Blogspot.

 

Konon Kabarnya yang terserang

Konon Kabarnya yang terserang itu website yang Administrator-nya pake username Admin
tapi 'ga tau juga ya .. saya bukan pengguna wp

 

OAXER wrote:

Betul sekali, yang diserang adalah Administrator yang pake username admin

 

Btw, kok rasanya cuma saya ya

Btw, kok rasanya cuma saya ya yang pake Wordpress nih.

 

Saya pake WordPress kog bang.

Saya pake WordPress kog bang. Yang pake username "admin" emang paling mudah diserang, makanya saya ga pernah pake username "admin".

 

ane jg dapet email ttn info

ane jg dapet email ttn info banjir serangan brute force terhadap web-web berbasis CMS. Ayo segera bersiap diri. Kalo beneran neh..

 

untung saya pakai blogger,

untung saya pakai blogger, aman nyaman dan tentram

 

ayahnyanadia wrote:

Mau nitip laporan aja Mas.
Saya mau komen di Blog Masbadar pas di submit malah keluar error:
500 Internal Server Error
nginx

Laporan selesai!

 

maxmanroe wrote:

Betul sekali.
Lalu biar nggak sering disatroni, pasang juga plugin Limit Login Attempts, minimal membatasi jumlah login.

 

Ternyata kalau dipasangin CDN

Ternyata kalau dipasangin CDN kayak Incapsula atau Cloudflare juga sudah dibantu menahan serangan oleh mereka.

Wah ternyata biarpun gratisan tetapi CDN kayak Incapsula atau Cloudflare mantap banget manfaatnya.

 

Klo aku udah terlanjur "Jatuh

Klo aku udah terlanjur "Jatuh Cinta" ama platform Blogger sih ...... jadi gak terlalu ngerti masalah serangan pada platform wordpress ....