Administrators of sites using the popular blogging platform WordPress face a new challenge. At Security researchers have found that hackers are now launching coordinated brute-force attacks on the administration panels of WordPress sites via unsecured home routers. Once they have gained access, the attackers can guess the password for the page and commandeer the account. The home routers are corralled into a network which disseminates the brute-force attack to thousands of IP addresses negotiating around firewalls and blacklists. The flaw was detected by WordFence, a firm that offers a security plugin for the WordPress platform. The campaign is exploiting security bugs in the TR-069 router management protocol to highjack devices. Attackers gain entry by sending malicious requests to a router's 7547 port. The flaw is exacerbated by the fact that most home users lack the technical know-how to limit access to their router's 7547 port. In some cases, the devices do not allow the shuttering of the port.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street