We did a detailed analysis of the attack pattern and found that most of the attack was originating from CMSs (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or another) and malicious scripts had been uploaded into the directories.
Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is difficult for us to block all malicious data.
To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps:
- Update and upgrade your WordPress installation and all installed plugins
- Install the security plugin http://wordpress.org/extend/plugins/better-wp-security/
- Ensure that your admin password is secure and preferably randomly generated
Other ways of hardening a WordPress installation are described at http://codex.wordpress.org/Hardening_WordPress
These additional steps can be taken to further secure WordPress websites:
- Disable the DROP command for the DB_USER. It is not commonly needed for any purpose in a WordPress setup
- Remove README and license files (important) since these expose version information
- Move wp-config.php to one directory level up, and change its permission to 400
- Prevent world reading of the .htaccess file
- Restrict access to wp-admin only to specific IPs
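
The file-level items in the list above can be checked with a short script. This is an added example, not part of the original advisory: the function names are hypothetical, it assumes the wp-admin restriction is an Apache 2.4 `Require ip` rule in `wp-admin/.htaccess`, and it does not cover the database privilege item.

```shell
#!/bin/sh
# Added example: file-level audit of a WordPress docroot against the checklist above.

# mode_has FILE PERM: true if FILE matches the find(1) -perm expression PERM
mode_has() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# flag MESSAGE: print one finding and count it
flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

# audit_wp DOCROOT: prints findings, returns 0 only when there are none
audit_wp() {
    root=${1:?usage: audit_wp DOCROOT}; root=${root%/}
    parent=$(dirname "$root"); findings=0

    # readme.html and license.txt ship with WordPress core; the checklist
    # asks for their removal because they expose version information
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then flag "$root/$f is present, remove it"; fi
    done

    # wp-config.php belongs one directory above the docroot, with mode 400
    cfg=$parent/wp-config.php
    if [ -e "$root/wp-config.php" ]; then
        cfg=$root/wp-config.php
        flag "$cfg is inside the docroot, move it one level up"
    fi
    if [ ! -e "$cfg" ]; then
        flag "wp-config.php not found in $root or $parent"
    elif ! mode_has "$cfg" 400; then
        flag "$cfg is not mode 400"
    fi

    # .htaccess must not be readable by "other"
    if [ -e "$root/.htaccess" ] && mode_has "$root/.htaccess" -004; then
        flag "$root/.htaccess is world-readable"
    fi

    # Assumption: the wp-admin restriction is an Apache 2.4 "Require ip" rule
    # in wp-admin/.htaccess; a rule in the vhost config is not visible from here.
    if ! grep -Eiq '^[[:space:]]*Require[[:space:]]+ip[[:space:]]' \
            "$root/wp-admin/.htaccess" 2>/dev/null; then
        flag "no 'Require ip' allow-list in $root/wp-admin/.htaccess"
    fi

    [ "$findings" -eq 0 ]
}

# Run against a docroot given on the command line (example: sh audit.sh /var/www/html)
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

A non-zero exit status means at least one finding was printed, so the script can be run from cron or a deployment check.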
A few more plugins: wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help on several occasions.
We have taken some extra steps to secure the standard hosting packages. You can see what we have done at http://www.hosting-status.net/current-hosting-status/
Please protect your site now, as a compromised site often leads to long periods of downtime while you re-install your site.