also @ TechSpot: Qualcomm shows off Mirasol, 1.5-inch panel shipping in products soon

Hackers gain root access to WordPress servers

By

On April 14, 2011, 4:47 PM

wordpress, hacki
Automattic, the folks behind WordPress, suffered another blow to its security this week after a hacker gained access to servers containing sensitive company and user data. In a blog post yesterday, President Matt Mullenweg described the breach as a "low-level (root) break-in)" that would have given the attacker access to "potentially anything" on several of Automattic's servers.

After reviewing internal logs, the company believes its source code was exposed and copied. "While much of our code is open source, there are sensitive bits of our and our partners' code," Mullenweg explained. Based on its records, the company doesn't believe much if any other sensitive information was compromised.

Even if the hackers copied user passwords, they're all hashed and salted using phpass. In other words, you should be safe unless you use something incredibly lame like "qwerty". If you're concerned about the safety of your account, Mullenweg offers a few tips:

  • Use a strong password, meaning something random with numbers and punctuation.
  • Use different passwords for different sites.
  • If you have used the same password on different sites, switch it to something more secure.

Gawker Media's servers were breached last December and a hacker group published some 1.3 million user emails and passwords via BitTorrent. Some 200,000 weak passwords were decrypted very quickly revealing that thousands of users were safeguarding their accounts with passwords such as "123456," "password," and "abc123".

In early March, WordPress was nailed by several large distributed denial of service (DDoS) attacks that originated from China. The first attack amounted to multiple Gigabits and tens of millions of packets per second bombarding their servers, which crippled all three of the company's data centers and resulted in connectivity issues for the service's 18 million hosted blogs.

,

6 comments

User Comments: 6

Got something to say? Post a comment
  1. April 14, 2011 6:44 PM
    Vicenarian said:

    Why can't the people that control the internet, implement something like this:

    An uber-smart "switch" that detects DDoS attacks against websites via traffic/protocol analysis, and automatically cuts off the attackers simply by closing their connections.

    How hard would that be? Honestly...

    Reply
  2. April 14, 2011 7:22 PM
    R3DP3NGUIN
    R3DP3NGUIN said:

    there is already sufficient hardware and software solutions, I dont think many companies will upgrade to the latest and greatest of technology though, due to the cost factors and stability and reliability .etc.

    Reply
  3. April 15, 2011 1:42 AM
    PinothyJ said:

    Why DDoS Wordpress, what did they do to you?

    ...

    Reply
  4. April 15, 2011 2:18 AM
    Leeky
    Leeky, TechSpot Moderator, said:

    Why DDoS Wordpress, what did they do to you?

    ...

    Like any market leader in their chosen area, they'll be targeted.

    Either that or Sony must have been running a Wordpress blog somewhere....

    Reply
  5. April 15, 2011 5:10 AM
    Norbur
    Norbur said:

    Really sad to see this - somebody's blog must have started a riot in China, perhaps one about time travel?

    Reply
  6. April 15, 2011 9:40 AM
    Staff
    Per Hansson
    Per Hansson, TS Server Guru, said:

    vicenarian; DDoS is not easy to control at the hardware layer.

    What a DDoS is is just millions of hosts asking for a specific webpage at the same time.

    To an untrained system admin it will just look like the "Slashdot Effect"

    That is when a smaller site gets linked from a much larger site and succumbs due to the sudden increase in traffic from said site (Been there, got the T-Shirt and all )

    And infact a well done DDoS attack will be impossible to filter, if the users (probably part of a botnet, or not in the case of the software LOIC willing participants) do a good job their traffic will indeed be just like the normal HTTP traffic your servers serves daily...

    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Laptops

Downloads and Drivers

Downloads   Drivers  

1by1 1.79

MKVToolNix 6.2.0

WinDirStat 1.1.2

SketchUp 13.0.3689

MessageMe for Android 1.0.11

More Downloads

Latest Discussion

Monitor - No display when i put my HD6670 into motherboard 6 replies on Audio and Video

How did my Windows key become disabled? 15 replies on Other Hardware

Screen saver stop working after installing Norton 12 replies on Software Apps

Need advice on router-buy 5 replies on Storage and Networking

Windows load screen at boot, looong black screen, then normal startup 61 replies on Windows OS

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.