Home Router Botnet Resumes Attacks
Yesterday at 7pm UTC (noon PDT) we saw the volume of brute force attacks on the WordPress sites that we protect more than double from the average for the previous 24 hours. The number of attacking IPs more than tripled. The chart below shows the count of attacks per hour from June 12th onward. You can see a very obvious spike followed by about a 10-hour pull-back, and then another surge almost back to the high we saw with the spike.
Home Routers Again?
Back in April, we wrote about a home router botnet that was being used to attack WordPress websites. Many of those attacks were originating from IPs that had a specific port (7547) open and were running a vulnerable version of remote management software called Rompager. We published a list of 28 ISPs with suspicious attack patterns indicating compromised routers and built a tool that checks if your router is vulnerable. In early May we wrote about that same botnet shutting down.
In the table below we show the top 20 ISPs by number of IP addresses involved in the latest surge and actively attacking. We also show the average number of hourly attacks per IP. Please note the the average is likely understated, as we accumulated attacks during
Source: https://managewp.org/articles/15331/home-router-botnet-resumes-attacks
source https://williechiu40.wordpress.com/2017/06/15/home-router-botnet-resumes-attacks/