Slashdot Mirror


Pwnd Aethra Routers Used To Brute-Force WordPress Sites (voidsec.com)

An anonymous reader writes: Security researchers found around 8,000 Aethra routers (with no admin passwords) as part of a botnet that attacked WordPress sites, trying to brute-force admin accounts. Most routers were deployed in enterprise networks in Italy. Each device could have been used to launch DDoS attacks with a capability between 1 and 10 Gbps, based on the company's bandwidth. Things could be worse, though: Additional investigation also revealed that some of the routers were also susceptible to various reflected XSS and CSRF attacks that would also allow attackers to take control of the device, even if using different login credentials. Using Shodan, a search engine for locating Internet-connected devices, researchers found over 12,000 Aethra routers around the world, 10,866 in Italy alone, and over 8,000 of these devices were of the model detected in the initial brute-force attack (Aethra Telecommunications PBX series). At that time, 70% of these Aethra routers were still using their default login credentials.

27 comments

  1. Eric Cartman is that you? by Anonymous Coward · · Score: 0

    I think it must!

  2. Wordpress needs brute forcing? by DCFusor · · Score: 1

    It always worked on the first try for most!

    --
    Why guess when you can know? Measure!
  3. Wake me up... by ls671 · · Score: 0

    zZZzzz....

    What? Please wake me up when something really new happens.

    zzZZZZzzzz....

    --
    Everything I write is lies, read between the lines.
  4. ISPs.... I wanna kill them by Anonymous Coward · · Score: 0

    Why are ISPs deploying routers with no goddamn admin password.... that's the problem here.... and why are they messing with the firmware...

    1. Re:ISPs.... I wanna kill them by ls671 · · Score: 1

      Same old, same old. I have come to adapt to this. Here is an interesting link tending to show that people make the same mistakes over and over again without relevance to the era:

      http://www.tamingdata.com/2010...

      I have come to a point where I don't react to such events that much...

      I get more concerned with stuff like Heartbleed or Shellshock and other security updates.

      I run my own Linux router at home and in the data center. I would never use the ones provided by the provider.

      --
      Everything I write is lies, read between the lines.
    2. Re:ISPs.... I wanna kill them by KGIII · · Score: 1

      My ISP has been trying to get me to use their provided equipment for years now. I have three separate lines (long story, don't ask) and they send out three new router/modem combinations at least once a year. Last year I got six for some reason. They've called and told me I must. They've emailed me. I just tell them that I'd rather not and thank them for offering. I have a small stack of unopened ISP routers (from Fairpoint) at the house. They're certainly wasting money as they've never once asked for any of them back. I think I got an email once saying that I was supposed to start using theirs in 30 days or something like that. I didn't.

      Down here, I have cable and only turn it on when I am down here. I have some Motorola router/modem thing from NewEgg or Amazon probably. I think I had to call and give them the MAC the first time but I've not needed to do so since. I just call ahead, usually a week ahead, and they turn it on. I call when I leave and they turn it off again. It appears they turned on cable television this time. I don't recall asking for that but I might have.

      Meh... The missus is starting to get used to my watching documentaries so maybe it'll come in handy. We had the news on the other day. One of them there newfangled colored tele-visions. Except I don't actually recall buying that television. I've not been down here in a while so I'm guessing drugs or alcohol were somehow involved in the purchase of said tele-vision. It might have been one of the kids who picked it up while they were here. PCB is home of Spring Break and they've made more use of this place than I have.

      --
      "So long and thanks for all the fish."
    3. Re: ISPs.... I wanna kill them by Anonymous Coward · · Score: 0

      I sure do love story time with Abraham Simpson.

    4. Re: ISPs.... I wanna kill them by KGIII · · Score: 1

      You missed last night. I don't normally drink but I had a couple with the kids and g/f. Fortunately, not too many and I didn't go off the rails ranting about something different. I'm kinda tired tonight so you'll have to find a new bedtime story.

      I recommend some awful (so bad it's good) science fiction.
      http://www.baenebooks.com/10.1...

      --
      "So long and thanks for all the fish."
  5. Breaking News... by pellik · · Score: 0

    Shodan search results mistakenly selected as Slashdot article for fourth time in a single month. Details at eleven.

  6. Softpedia^WSlashdot News by Anonymous Coward · · Score: 0

    Since when has Slashdot become a lazy frontend for softpedia? Do the editors get revenue from the ads on their site, or some such?

    The articles there are a paragon of bad technical journalism. The editors are anonymous, and they often don't link to the original content or source of data for the article. Softpedia has the stigma of technical ignorance, much like wired and gizmodo. Do us all a favour and spare us this drivel.

  7. Protecting WordPress, Basics by Qbertino · · Score: 2

    - 'Rename Login' Plugins - there are various. Use them.
    - Use random character strings for usernames, especially admin users. Rename the nicename and the displayname to the role using a db tool.
    - use a db prefix other than wp_ , I use random strings.

    Do all this upon or directly after the WP installation. This very basic security stuff deters attacks like the one mentioned in TFA and mitigates most of its effects.

    --
    We suffer more in our imagination than in reality. - Seneca
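The username and table-prefix items from the comment above, turned into a small audit (an added example, not part of the original thread). It reads the `$table_prefix` line from `wp-config.php` text and rows of `user_login`, `user_nicename` and `display_name` from the users table; the sample config, the user rows and the list of guessable logins are constructed for illustration, and the login-URL item is not checked.

```python
import re

# Logins a brute-force run will try first; a constructed short list for this example.
GUESSABLE = {"admin", "administrator", "root", "test", "user", "wordpress"}

# Matches an active (not //-commented) $table_prefix assignment.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def table_prefix(wp_config_text):
    """Return the $table_prefix value from wp-config.php text, or None."""
    m = PREFIX_RE.search(wp_config_text)
    return m.group(2) if m else None

def audit(wp_config_text, users):
    """users: rows of (user_login, user_nicename, display_name)."""
    findings = []
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.append("table prefix not found in config")
    elif prefix == "wp_":
        findings.append("default table prefix wp_")
    for login, nicename, display in users:
        low = login.lower()
        if low in GUESSABLE:
            findings.append(f"guessable login: {login}")
        # user_nicename appears in author archive URLs and display_name in
        # bylines, so if either equals the login, the login is public.
        if nicename.lower() == low:
            findings.append(f"nicename exposes login: {login}")
        if display.lower() == low:
            findings.append(f"display name exposes login: {login}")
    return findings

# Constructed sample input.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""
SAMPLE_USERS = [
    ("admin", "admin", "admin"),
    ("k3Vq9xTz", "editor", "Editor"),
    ("jsmith", "jsmith", "Jane Smith"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS):
        print(finding)
```
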
    1. Re:Protecting WordPress, Basics by Anonymous Coward · · Score: 1

      Thanks. I'll post this as AC though I doubt I'll have time to fill up my allotted 50 posts today. I'm actually considering a WP install (I've not done one in years) and will keep those in mind. There are a few security plug-ins as well, some paid and some free. I'll probably do some research but I'll keep those things in mind and make sure I figure out how to do them.

      That post, the one right above mine, is one of the reasons I come to Slashdot. I've said it before, I'll say it again. Some of you are really smart and know some of the damnedest things. I can't think of any bad advice that I've followed from here. Hell, I even (kind of jokingly, sort of not) asked about my g/f before I decided to date her and take her with me on my wanderlust. (We bumped into each other by accident and she kind of stuck.) She's like 40 years my junior and I figured you'd helped me pick my favorite Linux distro so, I might as well ask for more advice. So far so good. *chuckles*

      Anyhow, thanks again. I even copied and pasted it into a text file so that I look into 'em. Someone's gotta say thanks around here.

      KGIII

    2. Re: Protecting WordPress, Basics by Anonymous Coward · · Score: 0

      I'll say thanks when you get a God damn blog and stop spamming /. with your life story.

    3. Re:Protecting WordPress, Basics by Anonymous Coward · · Score: 0

      Or, you know, recognize that WordPress is an insecure pile of shit which is broken out of the box and stop using the fucking thing?

      How many stories have we seen this year which pretty much stated this?

      It's broken and defective. Stop pretending it's worth saving with plugins to try to patch the pile of holes which is WordPress.

    4. Re: Protecting WordPress, Basics by Qbertino · · Score: 1

      Language?

      100 Million installs, 8000 successful hacks with the method mentioned in TFA - I'd say that's a pretty good security record. Even if WP is a mess - it's a mess that works.

      --
      We suffer more in our imagination than in reality. - Seneca
  8. Yup. by Anonymous Coward · · Score: 1

    You should have renamed Admin when you created the site. You should never have a test ID. And you should have https://wordpress.org/plugins/... to spam you in times like these...

  9. "Pwnd"? by NormalVisual · · Score: 1

    Really? Such a professional-sounding headline. "Compromised" might have offered a little more credibility rather than years-old teen l33t speak.

    --
    Please stand clear of the doors, por favor mantenganse alejado de las puertas
    1. Re:"Pwnd"? by Fnord666 · · Score: 1

      Because "Posted by timothy on Saturday ..."

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  10. So how many routers were actually infected ? by Fly+Swatter · · Score: 1

    They mention numbers like 8000, but nowhere do they directly say how many were infected. Only that such number had the default (no) password. Damn fine journalism if you ask me!

  11. Lighten Up by Anonymous Coward · · Score: 0

    Really? Such a professional-sounding headline. "Compromised" might have offered a little more credibility rather than years-old teen l33t speak.

    Which part of "News for Nerds, Stuff that Matters" escaped your corporate brain?

    1. Re:Lighten Up by Anonymous Coward · · Score: 0

      Nerds don't use terms like "pwned".

    2. Re: Lighten Up by Anonymous Coward · · Score: 0

      I think you are in the wrong place. There is an article on slashdot about your kind. I believe it had to do with Star Wars and gaming geeks. What we real geeks like to call posers.

    3. Re:Lighten Up by Anonymous Coward · · Score: 0

      Slashdot was never a very professional news source (actually an aggregator; they don't do any reporting) but they used to at least pretend to have standards.

      The quality of news and comments in this place has gone so far down the shitter, I think I need a periscope to see any real information or insight.

      Now that they're shoehorning "sponsored" content directly into the news stream, I think it's time to throw in the towel... for me AND them.

    4. Re: Lighten Up by Anonymous Coward · · Score: 0

      Stop projecting.

      I hate to break this to you kid, but if you use the term "pwned", which was coined by gamers (AKA poser nerds), then you're not a nerd.

  12. Aethra? WTF!?!?! by Hognoxious · · Score: 1

    It's like a tube. A tube full of piss.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."