Categories
Uncategorized

Staying secure

This is a proactive notice provided to advise our clients of an attack on many websites by robots.
Our password policy is quite robust and should withstand such attacks.
If you have changed your password to something that is easier to remember (especially if you are using the admin or administrator account) please review your password against these notes.
Our backend hosting service Quadrahosting has taken special measures to protect our clients. Those of you on other hosting services may receive similar messages.
The general text of the Quadrahosting message is below.
If you want the details of the actions taken by Quadrahosting on our behalf, please contact Ebono Institute directly and we can discuss them with you. If your site is hosted elsewhere we will refer you to your hosting agency.
There have been unprecedented global attacks against WordPress sites all over the world. They are not specifically targetting your sites or Quadra Hosting in particular. It appears that someone or a group of hackers have unleashed their army of bots to target all WordPress sites that they can find on the Internet. While such brute force attempts are normal and they do happen all the time, this particular instance has been particularly intense in the past 24-48 hours.

Their currently known method of attack is by brute force, attempting to login and access wp-login.php using various combinations of usernames and passwords. While it currently seems that they are trying to use “admin” as the username, their technique may change in the future.

Receiving this email does not mean that your web site has been hacked. We are sending this announcement to all our customers as a general announcement.

Whether you have WordPress based sites, or perhaps Joomla, Drupal, Magento, etc, we strongly recommend you to make sure that your password is cryptographically secure. Do not use any common words or names of people as your password. Basically if your password can be found in the (English) dictionary, it is considered weak and can be guessed by the hackers. We have seen them also attempting to use common names such as “jason”, “ryan”, etc.

Please use cryptic passwords with a combination of upper and lower case and throw in a few numbers for a good measure. Don’t use “123” or any sequential series of numbers!

Leave a Reply