Pwnd Aethra Routers Used To Brute-Force WordPress Sites

An anonymous reader writes: Security researchers found around 8,000 Aethra routers (with no admin passwords) as part of a botnet that attacked WordPress sites, trying to brute-force admin accounts. Most routers were deployed in enterprise networks in Italy. Each device could have been used to launch DDoS attacks with a capability between 1 and 10 Gbps, based on the company's bandwidth. Things could be worse, though: Additional investigation also revealed that some of the routers were also susceptible to various reflected XSS and CSRF attacks that would also allow attackers to take control of the device, even if using different login credentials. Using Shodan, a search engine for locating Internet-connected devices, researchers found over 12,000 Aethra routers around the world, 10,866 in Italy alone, and over 8,000 of these devices were of the model detected in the initial brute-force attack (Aethra Telecommunications PBX series). At that time, 70% of these Aethra routers were still using their default login credentials.
  • It always worked on the first try for most!
  • zZZzzz....

    What? Please wake me up when something really new happens.


  • Shodan search results mistakenly selected as Slashdot article for fourth time in a single month. Details at eleven.
  • by Qbertino ( 265505 ) <> on Saturday December 26, 2015 @11:02AM (#51186063)

    - 'Rename Login' Plugins - there are various. Use them.
    - Use random character strings for usernames, especially admin users. Rename the nicename and the displayname to the role using a db tool.
    - use a db prefix other than wp_ , I use random strings.

    Do all this upon or directly after the WP installation. This very basic security stuff deters attacks like the one mentioned in TFA and mitigates most of its effects.
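
An audit of the three settings from the comment above (default `wp_` table prefix, guessable admin logins, login names exposed through the nicename or display name), as an added example that is not part of the original comment. The `wp-config.php` text and the user rows are constructed samples; the tuple layout (with the role alongside the `wp_users` columns) and the `GUESSABLE` list are assumptions.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
$table_prefix = 'wp_';
"""
SAMPLE_USERS = [  # assumed export: (user_login, user_nicename, display_name, role)
    ("admin", "admin", "admin", "administrator"),
    ("k3Tz9qLmX2", "k3tz9qlmx2", "k3Tz9qLmX2", "administrator"),
    ("f8Qp2LwZr7", "administrator", "Administrator", "administrator"),
    ("editor1", "editor1", "Jane", "editor"),
]

# Assumed list of names a brute-force run is likely to try first.
GUESSABLE = {"admin", "administrator", "root", "test", "user", "wordpress"}
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def audit_table_prefix(config_text):
    """Flag a missing or default $table_prefix in wp-config.php text."""
    m = PREFIX_RE.search(config_text)
    if m is None:
        return ["$table_prefix not found in wp-config.php"]
    if m.group(2) == "wp_":
        return ["table prefix is the default 'wp_'"]
    return []


def audit_users(users):
    """Flag administrator accounts whose login is guessable or publicly visible."""
    findings = []
    for login, nicename, display, role in users:
        if role != "administrator":
            continue
        if login.lower() in GUESSABLE:
            findings.append(f"{login}: guessable admin login")
        # The nicename and display name are shown publicly, so a random
        # login gives no protection if either of them repeats it.
        if login.lower() in (nicename.lower(), display.lower()):
            findings.append(f"{login}: login exposed via nicename/display name")
    return findings


if __name__ == "__main__":
    for finding in audit_table_prefix(SAMPLE_WP_CONFIG) + audit_users(SAMPLE_USERS):
        print(finding)
```
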

    • by Anonymous Coward

      Thanks. I'll post this as AC though I doubt I'll have time to fill up my allotted 50 posts today. I'm actually considering a WP install (I've not done one in years) and will keep those in mind. There are a few security plug-ins as well, some paid and some free. I'll probably do some research but I'll keep those things in mind and make sure I figure out how to do them.

      That post, the one right above mine, is one of the reasons I come to Slashdot. I've said it before, I'll say it again. Some of you are really smar

  • by Anonymous Coward

    You should have renamed Admin when you created the site. You should never have a test ID. And you should have [] to spam you in times like these...

  • Really? Such a professional-sounding headline. "Compromised" might have offered a little more credibility rather than years-old teen l33t speak.
  • They mention numbers like 8000, but nowhere do they directly say how many were infected. Only that such a number had the default (no) password. Damn fine journalism if you ask me!
  • It's like a tube. A tube full of piss.
