DDoS, Brute Force, botnet, hacked – these are just a few of the words that have become commonplace for site owners this year. None of us wanted thoughts of site security to consume our day. We’ve got important things to do! But here we are, in the midst of the highest sustained bot attack in history.
Why is this happening? What can we do about it? The one thing you can’t do is ignore it, whether you’re a site owner or not.
If you own any smart device hooked to the Internet, you’re involved, and affected, and it’s going to take all of us to shut the cyber-attacks down. See how you can be part of the solution.
Starting the New Year with a Bang
While most of the world was sleeping off New Year’s celebrations, botnets targeted and took down HostGator, BlueHost and other major hosts in a massive attack.
That attack was even bigger than the one in April 2013 that woke everybody up because it brought down so many sites.
Ramp Up in February
And then the bots took it up another notch.
It prompted me to write “Bot and Hacker Attacks are Escalating – Protect Your Site.”
In it I tried to help folks become familiar with all the new lingo, like DDoS and the new DrDoS attacks. And exactly what a Brute Force attack was. Plus how to prevent them all.
Other security pros were also writing about it.
Nobody much listened.
It Got Real in March
Brute Force attacks went haywire in March. So I wrote “DDoS Attacks, Brute Force Attacks, and Site Security” with more info on the changing attack vectors and new malware scanners that had been made available online, all in an effort to make it easy for owners to check their sites.
We tried to warn folks that these things were getting bigger and more frequent.
Nobody much listened.
Bots in the Cloud
Then the news broke: “900 Botnets Ready to Attack Sites.” They were all found on the Tor network.
Each botnet was 1000s of computers strong.
And now PC World and others report that “Attackers install DDoS bots on Amazon cloud, exploiting Elasticsearch weakness.”
New XML-RPC Attack Vector
The bots change strategies all the time. The next thing they went after at the end of March was XML-RPC, a feature that was now turned on by default in WordPress. It was handy for pingbacks and trackbacks, but those were things folks didn’t use much anymore. However, it is also used by apps for remote posting.
The bots decided to exploit it in a massive DDoS attack.
The call went out to turn it off.
Disable XML-RPC in WordPress to Prevent DDoS Attack
Most folks wanted to keep the convenience of remote posting, so they only turned it halfway off.
And the bots took advantage in August. In a joint effort, both Drupal and WordPress combined to close a vulnerability in PHP’s XML processing and rolled out an emergency patch in WordPress version 3.9.2.
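Site owners can watch for this kind of traffic in their own web server access log. The following is an added example, not part of the original post: it counts POST requests to xmlrpc.php and wp-login.php per client IP per minute and flags bursts. The Combined Log Format, the threshold of 5 and the sample log lines (documentation IP addresses) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# WordPress endpoints that bots hammer: XML-RPC and the login form.
WATCHED = {"/xmlrpc.php": "xmlrpc", "/wp-login.php": "login"}


def flag_bursts(lines, threshold=5):
    """Return {(ip, endpoint, minute): count} for POST bursts >= threshold."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip unparseable lines and ordinary page views
        kind = WATCHED.get(m["path"].split("?", 1)[0])
        if kind is None:
            continue
        # "12/Aug/2014:03:15:07 +0000" -> "12/Aug/2014:03:15" (minute bucket)
        minute = m["ts"][:17]
        counts[(m["ip"], kind, minute)] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


def make_sample():
    """Constructed log lines for the demo, not real traffic."""
    fmt = ('{ip} - - [12/Aug/2014:03:15:{s:02d} +0000] '
           '"{m} {p} HTTP/1.1" {st} 512 "-" "-"')
    lines = [fmt.format(ip="203.0.113.7", s=s, m="POST", p="/xmlrpc.php", st=200)
             for s in range(8)]                      # XML-RPC burst
    lines += [fmt.format(ip="198.51.100.23", s=s, m="POST", p="/wp-login.php", st=200)
              for s in range(10, 16)]                # login guessing burst
    lines.append(fmt.format(ip="192.0.2.44", s=30, m="POST", p="/wp-login.php", st=302))
    lines.append(fmt.format(ip="192.0.2.44", s=31, m="GET", p="/", st=200))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for (ip, kind, minute), n in sorted(flag_bursts(make_sample()).items()):
        print(f"{minute} {ip} {kind} POSTs={n}")
```

A single owner logging in once stays under the threshold, while the two repeated senders are flagged for blocking at the firewall or host level.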
Russian Hack Attack
On the same day as the new WordPress release, a Russian cyber gang stole over 4.5 billion records from 420,000 websites. The heist consisted mostly of personal credentials including 1.2 billion passwords and 500 million emails.
Watch the Numbers Climb
The Wordfence home page has a live view of bot hits per minute reported by their users. The average prior to March 2014 was 5,000 hits/minute. As of the date of this post, the new average is 35,000 hits/minute, and it has been climbing steadily toward that for 1.5 months.
Why are Hackers Doing This?
Simple. Money. Lots of it. Billions of dollars. All that stuff the Russian gang got, they can sell it, for big money. And then there’s Bitcoin to steal too. And how much more money do you think they can get if they set up a middleman spying station on everything you do online? Like I said, billions of dollars. So no, they don’t have anything better to do.
What Can You Do?
First, take cyber security seriously.
That goes way beyond your site and your computer. It includes everything hooked to the Internet. Literally. It’s called the Internet of Things (IoT) and it includes your cell phone, Xbox, your Wi-Fi router, home security systems, and even smart refrigerators.
Secure Your Stuff
Ensure that everything you touch that is connected to the Internet has a secure connection. That also includes the way you pick up your email, or FTP into your account.
And watch it with all those apps that want to access info on the networks they are connecting to. Check what it is they are accessing.
Lock down your WordPress site. It’s a prime target.
Prevention!
Since late June, the bots have been probing and amassing. They only started setting off major fire alarms in early August.
More and more hosts are sending out more and more emails to site owners telling them they have exceeded their resource limit, and/or the account has been limited or suspended.
It’s easier and cheaper to prevent that than it is to fix it after the fact.
There’s no excuse for not locking down your site. There are more ways than ever to do it. And more people to hire than ever too.
Just make it happen. You’ve been abundantly warned.
There are plenty of posts linked here for you to read to get you going.
But, I suppose most folks are going to wait until they feel the pain. That probably won’t be long now.
Ready for your Site Audit yet?
How much is peace of mind worth?