There are many, who are
likely getting emails with the subject header “Large Distributed
Brute Force WordPress Attack Underway – 40000 Attacks Per Minute.
Recently, we come across piece of content with titled “More
Than 162,000 WordPress Sites Used for Distributed Denial of Service
Attack”.
There are lots of ongoing Distributed Denial of Service (DDoS)
and Brute Force attacks against WordPress website.
It expands far beyond
that particular platform as its affecting lots of other platforms as
well like Drupal, Joomla and vBulletin. The major problem is that
these attacks are happening from last couple of months now and such
attacks become the part of the daily life.
Let’s have discussion
about the problems that website owners are facing to date in 2014 –
Distributed Denial of Service (DDoS) and Brute Force attacks.
Denial of Service
(DoS) / Distributed Denial of Service (DDoS)
When it comes to Denial
of Service (DoS) attacks and Distributed Denial of Service (DDoS)
attacks, they are the same thing and only thing that differentiating
the two is scale. Whenever you hear something about DoS attack, you
can expect that the attack to be marginal.
For most examples you
someone says DDoS, you will automatically think the opposite. Whether
DoS or DDoS, the attacker can make use of one or more computers.
Moreover, the DoS attacks are on the lower end of that spectrum while
DDoS attacks are on the higher end of that spectrum.
In reality, there are
lots of compromised servers that can be your own website server and
there are also some chances of leveraging pingback features like the
one that shared earlier this week. The main values of a DoS / DDoS
attack are extremely simple as the idea as well as the intent is to
upset your service.
Recently, the US-CERT
offers this description “In a
denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting
your computer and its network connection, or the computers and
network of the sites you are trying to use, an attacker may be able
to prevent you from accessing email, websites, online accounts
(banking, etc.), or other services that rely on the affected
computer.” The explosion of DoS/DDoS
attacks is certainly attributed to the ever-growing DDoS-for-hire
service market.
Why DDoS a Website?
Many of you all have lots
of questions like why and how, so here is the complete list of
reasons that come-up with that best help comprehend why someone would
do something like this:
- People bored with nothing better to do.
- Political agenda – Malaysian Elections 2013
- You’ve pissed people off – Brian Krebs – The Researchers Hackers Love to Hate
- You’re in competition with each other
So, what you think is there anything that fit
into any of them? The odd is that everyone, who is reading this, is
most likely does.
Brute Force Attacks
Now, let’s have a look on Brute Force
Attacks:
Brute force attacks have shared some
similarities with DoS/DDoS
attacks that are independent attacks in it of them. However, the
whole focus is extremely different from what you would come to expect
of DoS/DDoS attacks. The Open Web Application Security Project
(OWASP) group gives an expressive description:
“A brute force
attack can manifest itself in many different ways, but primarily
consists in an attacker configuring predetermined values, making
requests to a server using those values, and then analyzing the
response. For the sake of efficiency, an attacker may use a
dictionary attack (with or without mutations) or a traditional
brute-force attack (with given classes of characters e.g.:
alphanumeric, special, case (in)sensitive). Considering a given
method, number of tries, efficiency of the system which conducts the
attack, and estimated efficiency of the system which is attacked the
attacker is able to calculate approximately how long it will take to
submit all chosen predetermined values”
Bruce Forcing a Site, but Why?
We also talked earlier about the main aim of
Brute Force attacks, which is
basically a lot different from DoS/DDoS attacks. The main aim
objective of it is to access. In the deep down of the web, we all
know that access is king. Attackers can easily achieve notoriety
amongst their peers with it and also attain huge economical gains and
bring some pain to their virtual presence.
How to protect
yourself from Brute Force
/ Denial of Service Attacks?
Recently,
the huge growth causes a great deal and information overload for lots
of website owners. When it comes to biggest delusion,
it is the idea that local solutions are addressing or fixing the
growing dilemma, that is these DoS/DDoS and Brute Force attacks. But
the reality is solutions like extensions as well as plugins that do
not and won’t begin to scratch the surface.
In
the up-coming months as well as year, we can see that the true
success lies in service based Website Firewalls with its own
infrastructures that especially designed to handle numerous issues.
Well, the actual solution comes down to the sharing, analysis and
segmentation of the traffic load. The biggest challenge is around
intelligence, not common intelligence, but attack as well as data
intelligence.
We
all know that local solutions are limited to the instant field of
vision. To make and employ suitable counter measures of information
is not in the favor and it is one of the cruel realities of the
current situation.
Keep
visiting our blog to get latest and updated information about opensource website development and customization. You can also get an
assistant from professionals by clicking here.
Visit This Company Portfolio Click here.
About the Author
0Awesome Comments!