theronb writes:
From the
article [wordfence.com] on the WordFence security plugin web site (I have no iron in that fire):
"There is currently a botnet that has been identified that is targeting WordPress websites with a password guessing attack... The botnet is powered by modem/router devices. ISP’s are gradually patching the devices but many are left vulnerable or infected as some ISP’s respond slowly to this issue...
What he discovered is that the IP’s attacking his site were all devices. They were all Aethra modem/routers to be exact. By doing some further sleuthing he discovered that all the Aethra devices involved in the attack were using default login credentials (blank/blank)."
The WordFence post also links to more information on
Voidsec.com [voidsec.com] by the guy who discovered it.
Original Submission