PINOYHACKNEWS is under bruteforce attack

What happened?

I needed to log in with my administrator account at www.pinoyhacknews.com/wp-admin to administer some of the spam posts. Suddenly, “Too many login failures, you are temporarily blocked” appeared on my screen.

I then thought of clearing my cache, changing my browser and using a proxy, but none of it worked. PHN’s login page still displayed the message.

What caused the problem? It could be a plugin; I first suspected “Wordfence” of blocking me (my IP, actually).

I logged in to my hosting provider, browsed into PHN’s files and deleted the plugin. Still no success, so I proceeded to phpMyAdmin to delete some of the rows (the Wordfence tables were still there even though the plugin had already been deleted).

Then I remembered the plugin called “Botnet Blocker”. Got it. It's the culprit. I disabled the plugin from phpMyAdmin (I googled it first, lol). It worked!

After disabling the plugin, I no longer have a wall against bruteforcers.

Distributed botnet attacks can come from multiple IP addresses and locations at the same time, so conventional IP-based lockouts are not effective (e.g. those found in Wordfence and other WordPress security plugins).

For example, if 1,000 different computers (with unique IP addresses) are trying to brute-force your admin password and you lock out each IP address after 5 incorrect attempts then you have still allowed 5,000 attempts. My plugin essentially ignores the different IP addresses and locks out all admin login attempts in a configurable way – so if you have it set to 5 failed attempts (default) then those 1,000 different computers will only have a total between them of 5 attempts.
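The difference between the two lockout policies described above, and the side effect seen on this site (the real administrator is locked out too), can be reproduced with a small simulation. This is an added example, not the plugin's code: the `LoginThrottle` class, the `simulate` function, the 300-second window and the bot IP addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failed-login limiter, keyed per IP or site-wide."""

    def __init__(self, max_failures=5, window=300.0, per_ip=True):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds (assumed value)
        self.per_ip = per_ip                # False = one shared counter for all IPs
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _key(self, ip):
        return ip if self.per_ip else "*"

    def is_blocked(self, ip, now):
        q = self.failures[self._key(ip)]
        while q and now - q[0] >= self.window:  # forget failures older than the window
            q.popleft()
        return len(q) >= self.max_failures

    def attempt(self, ip, password_ok, now):
        """Return 'blocked', 'ok' or 'failed'; blocked attempts never reach the password check."""
        if self.is_blocked(ip, now):
            return "blocked"
        if password_ok:
            return "ok"
        self.failures[self._key(ip)].append(now)
        return "failed"

def simulate(per_ip, bots=1000, tries_each=5):
    """Return (password guesses actually checked, outcome of the admin's correct login)."""
    throttle = LoginThrottle(per_ip=per_ip)
    guesses_checked = 0
    tick = 0
    for _ in range(tries_each):
        for i in range(bots):
            ip = f"10.{i // 256}.{i % 256}.1"  # constructed bot address
            tick += 1
            now = tick * 0.01                  # 100 attempts per second
            if throttle.attempt(ip, False, now) == "failed":
                guesses_checked += 1
    # The real administrator logs in with the correct password from an unseen IP.
    admin = throttle.attempt("192.0.2.10", True, tick * 0.01 + 1)
    return guesses_checked, admin

if __name__ == "__main__":
    print("per-IP lockout   :", simulate(per_ip=True))   # (5000, 'ok')
    print("site-wide lockout:", simulate(per_ip=False))  # (5, 'blocked')
```

The site-wide counter caps the botnet at 5 guesses per window, at the cost of blocking the legitimate administrator for as long as the attack keeps the counter full.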

It's what happened on the site; take a look at the photo below.

Screenshot (149)

Those are real worrying numbers.

Therefore, I concluded that it's the one that caused the downtime of pinoyhacknews, due to the large number of login attempts within seconds.

The botnet attack blocker is activated again now; I hope everything runs right.

Though the plugin is activated, the attack is still in progress. 1and1 server, hold on 😀

About Clifford Trigo

Hi there! I am Clifford Trigo from the island of Bohol. Come over here and let's have fun! :3 Just keep reading :D