apache's mod_security comes in pretty handy for reducing the cpu load caused by these attacks; we've seen many sites we host getting hammered on the wp-login.php page from these bots. Here's the rules that block the bad requests: https://docs.google.com/document/d/1wCpp7U5uOw_krEkQrm9NXFf2LjpGvlZ7uoOK 0Ok4LGM/pub David
-----Original Message----- From: Damian Menscher [mailto:damian@google.com] Sent: Monday, April 15, 2013 7:17 AM To: Steve Cc: nanog@nanog.org Subject: Re: [ PRIVACY Forum ] Huge attack on WordPress sites
FYI, the "new" part of this news is that the current botnet is 10x larger than the one you're thinking of.
Damian
On Sat, Apr 13, 2013 at 5:39 AM, Steve <angst1974@yahoo.com> wrote:
This is pretty old news , this "super bot-net" of compromised Wordpress sites ( and others) has been attacking since September
Sent from my iPhone
ONANOG Digest,
*************************************