WordPress, a popular blogging platform used by individuals as well as big businesses including UPS and eBay, is the target of a widespread botnet attack.
The weakness that lets attackers get into WordPress accounts and take them over for other purposes: user accounts where the word "admin" is the username. The immediate advice: change the username from admin to something different and much harder to guess.
Matthew Prince, founder of CloudFlare, a website performance company, says the attack, which started last week, is "significant."
"The attacker is brute force attacking the WordPress administrative portals, using the username 'admin' and trying thousands of passwords," he wrote on his company's blog. "It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs."
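The pattern Prince describes, many source IPs each trying only a few passwords against one username, is exactly what a per-IP lockout rule cannot see. The following added example (not from the article, CloudFlare or WordPress) runs two detection rules over a constructed login log in a hypothetical format: the classic per-IP counter stays silent while a per-username distinct-IP count within a time window flags the admin account.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of a WordPress login log in a hypothetical format
# ("<ISO time> <client IP> user=<name> result=FAIL|OK"); not real data.
SAMPLE_LOG = """
2013-04-12T10:00:01 198.51.100.10 user=admin result=FAIL
2013-04-12T10:00:04 203.0.113.7 user=admin result=FAIL
2013-04-12T10:00:05 203.0.113.8 user=admin result=FAIL
2013-04-12T10:00:07 203.0.113.9 user=admin result=FAIL
2013-04-12T10:00:09 203.0.113.10 user=admin result=FAIL
2013-04-12T10:00:11 203.0.113.11 user=admin result=FAIL
2013-04-12T10:00:31 192.0.2.44 user=editor result=OK
"""
LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) result=(\w+)$")

def parse_failures(text):
    """Return (timestamp, ip, user) for each failed login; skip OK and junk lines."""
    out = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == "FAIL":
            out.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return out

def per_ip_offenders(failures, threshold=5):
    """Classic lockout rule: a single IP with >= threshold failures."""
    counts = defaultdict(int)
    for _, ip, _ in failures:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_targets(failures, window=timedelta(minutes=5), min_ips=5):
    """Botnet rule: one username failing from >= min_ips distinct IPs inside window; returns {user: ip_count}."""
    by_user = defaultdict(list)
    for ts, ip, user in failures:
        by_user[user].append((ts, ip))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window over each start time
            ips = {ip for ts, ip in events[i:] if ts - start <= window}
            if len(ips) >= min_ips:
                flagged[user] = len(ips)
                break
    return flagged

if __name__ == "__main__":
    fails = parse_failures(SAMPLE_LOG)
    print(per_ip_offenders(fails), distributed_targets(fails))  # set() {'admin': 6}
```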
Brian Krebs, of Krebs on Security, calls WordPress "perhaps the most popular content management system in use today," and wrote that the username vulnerability is "fueling the growth of an unusually powerful botnet currently made up of more than 90,000 Web servers."
WordPress founder Matt Mullenweg writes on the WordPress blog that when WordPress version 3.0 was released nearly three years ago, it allowed users to pick a custom username "which largely ended people using 'admin' as their default username."
But, of course, some users did not change their usernames.
"Right now there’s a botnet going around all of the WordPresses it can find trying to login with the 'admin' username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell 'solutions' to the problem)," he wrote.
Users can get more information, including how to choose a better password, at the WordPress security page.
Botnets are used for malicious purposes, including launching denial-of-service attacks to shut or slow websites down, as well as for spreading malware.
WordPress, which is both a blog tool and content management system, has a range of clients, including Katy Perry and Jay-Z.
But Prince of CloudFlare says a key concern is that "the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack."