Distributed botnet, around tens of thousands of bots with their respective IP addresses
A pass file of around 1000 entries with some normal passwords
Default username: ‘admin’
- WordPress 3.0 release before 3 years, users going on with ‘admin’ as their default username, and some usual password
- A brute-force with username: ‘admin’ and password from the above mentioned file
- The botnet, tries this attack on each and every wordpress portal available over Internet
A well-planned distributed attack (just like itsoknoproblembro shook the banking world) against some hot-spot over the Internet.
The wordpress web servers have very high bandwidth, practically unlimited. Any attack triggered from these servers will have a great impact. This can be done to create a better and huge zombie-net.
Save your wordpress! Change your password if the username is admin (and also, you need to change the username from admin to something else, for being secure).
Some more tips:
If you are using the .com for your wordpress, change your password and enable the 2 step authentication.
If you are the admin of wordpress installation on your server, you have some more steps to follow – like creating a password for the .wpadmin file and some security modifications in the .htaccess file.
More description for making these changes is available here: Hostgator Support for WP Attack