
WordPress hacks coming in from the Ukraine

on 22 December 2016


Oh those Russians

WordPress security outfit Wordfence has warned that it has detected attacks coming from an IP block in Ukraine and says the attacks would appear to have Russian involvement.

Wordfence monitors the WordPress attack landscape in real-time and three weeks ago noticed a rise in brute force attacks. Most of these attacks are prevented using free software and Wordfence also has a blacklist of the worst offenders.

In the company blog, Mark Maunder, Wordfence founder and CEO, said his outfit had seen the number of brute force attacks double and that the number of unique attacking IPs had also doubled.

“Usually we see an average of around 13,000 unique IP’s attacking each day. We’re currently seeing over 30,000 unique attacking IPs and this is continuing to increase,” the report said.

An analysis of attacks during the past 24 hours showed Ukraine was the main culprit, responsible for over 15 per cent of total attacks, and most of those attacks come from 8 IP addresses in Ukraine.

The IPs all belong to the same organization and are on the same network. They belong to a hosting company in Ukraine called “Pp Sks-lugan“. The servers are a mix. Some aren’t running any services. Others appear to be running Windows IIS web server.

The company that owns the malicious IP block is “SKS-Lugan”. They are based in Alchevs’k in eastern Ukraine. According to a business guide Victor sent me, they have 16 employees and their CEO is Lizenko Dmitro Igorovich.

The eastern part of Ukraine is currently occupied by Russia and shedloads of botnets use it as a command and control centre.

The IPs are using brute force attacks exclusively. They don’t launch any sophisticated attacks. They are hammering away at WordPress sites at a rate of over a quarter million login attempts each, in some cases, during a 24-hour period.

Another company on the list, “Iliad-Entreprises,” has eight IP addresses that launched between 50,000 and 210,000 attacks each during the past 24 hours. That is what makes up the bulk of the action on their network.
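The pattern described above, many login attempts per IP with the noisiest IPs clustered on one network, can be checked against a site's own access log. The following is an added example, not code from Wordfence or from this article; the combined log format, the `/wp-login.php` path match, the threshold of 5 and the /24 and /48 grouping are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Start of a combined-format access log line: client IP, identity, user, [time], "METHOD path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')
LOGIN_PATH = "/wp-login.php"  # WordPress login form handler

def login_attempts(lines):
    """Count POSTs to the WordPress login endpoint per client IP."""
    per_ip = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST":
            continue
        ip, path = m.group(1), m.group(3).split("?", 1)[0]
        try:
            ipaddress.ip_address(ip)  # drop lines whose client field is not an IP
        except ValueError:
            continue
        if path == LOGIN_PATH:
            per_ip[ip] += 1
    return per_ip

def noisy_networks(per_ip, ip_threshold=5):
    """Group IPs with >= ip_threshold attempts by /24 (IPv4) or /48 (IPv6)."""
    nets = {}
    for ip, count in per_ip.items():
        if count < ip_threshold:
            continue
        prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        entry = nets.setdefault(net, {"ips": [], "attempts": 0})
        entry["ips"].append(ip)
        entry["attempts"] += count
    for entry in nets.values():
        entry["ips"].sort()
    return nets

def _line(ip, method, path):
    return f'{ip} - - [22/Dec/2016:10:00:00 +0000] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample log (documentation address ranges, not real attackers).
SAMPLE = (
    [_line(f"203.0.113.{h}", "POST", "/wp-login.php") for h in (10, 11, 12) for _ in range(6)]
    + [_line("198.51.100.7", "POST", "/wp-login.php"),  # one ordinary login
       _line("192.0.2.1", "GET", "/wp-login.php"),      # viewing the form only
       "not a log line"]
)

if __name__ == "__main__":
    for net, info in noisy_networks(login_attempts(SAMPLE)).items():
        print(net, info["attempts"], info["ips"])
```

A network that shows up here with several IPs is a candidate for a block or rate limit at the network level rather than one address at a time.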

One interesting thing was that the moment Wordfence published its findings, its comments board (https://www.wordfence.com/blog/2016/12/who-is-really-behind-ukrainian-brute-force-attacks/) was immediately attacked by pro-Putin commenters claiming he was churning out propaganda for the US. It seems you can’t write anything remotely critical of Putin without your comments board going wacky for a few days.

Last modified on 22 December 2016