Service affected: Services hosted on Panelbox servers
Start: Tuesday, April 11th 2013 at 3:30 p.m.
Impact: Potential slowdown of services hosted on these servers
Estimated time of resolution : Undetermined
This is an email message to let you know that we detected on multiple Panelbox servers that massive brute force attacks were active against our servers. Brute force attacks can be defined by the fact that they try to know what are the credentials of an interface by trying all possible passwords by making repetitive requests. In this case, this is the main connection WordPress page (wp-login.php) which is targeted by malicious peoples.
Currently, thousands of IP addresses tried to access to these files, which add an additional load in our servers that can be resulted of a slowness of the service we offer in our architecture.
According to our searches, this situation affects a high number of hosting companies that confirm that this is a global attack against WordPress websites.
We are currently working to limit the impact of this incident in your services and we will publish an update regarding the resolution of this issue in one hour.
We suggest you to take all required measures to assure that your WordPress installation is secure, including these ones :
1) We suggest you to get a secure password that has more than 10 characters including letters, numbers and special characters.
2) Make sure that the version of your WordPress installation is updated. Old versions of this software are vulnerable to security vulnerabilities.
3) Make an anti-viral analysis on your computer to assure that it does not contain malwares.
We apologize for any inconvenience this situation may cause. If you have any questions, please do not hesitate to contact our support team (http://www.funio.com/contacts/).
Thank you for your patience and understanding.
—
Update : Tuesday, April 11th 2013 at 5:15 p.m.
We are still working to assure the stability of our service during this attack. We will publish the next update in 1 hour.
—
Update : Tuesday, April 11th 2013 at 6:15 p.m.
We are still working to assure the stability of our service during this attack. We will publish the next update in 1 hour.
—
Update : Tuesday, April 11th 2013 at 7:20 p.m.
We are still working to assure the stability of our service during this attack. We will publish the next update in 1 hour.
—
Update : Friday, April 12th 2013 at 8:00 a.m.
Due to the increase in brute-force attacks against WordPress, we had to take drastic measures to ensure the stability and performance of the infrastructure as a whole. As such we have disabled ALL ACCESS to WordPress’s wp-login.php page on all Panelbox servers until a more efficient fix is found. Again this is a global attack and most hosting providers – large and small – are affected by this attack and are using the same mitigation measures at this time. We are working with some of those providers to find a more effective solution.
—
Update : Friday, April 12th 2013 at 6:00 p.m.
The situation has been stable throughout the day as the attacks have stopped completely. We are still monitoring the situation very closely in case it comes back. As such we have re-enabled access to WordPress’s login and admin pages. We are marking this case as closed.
