April 12, 2013

Apparently there is a surge in malicious attacks against WordPress and similar platforms (I have seen Joomla sited as well) in the form of a brute force login attempt.

I have been working with two hosts this week on a related issue, Rackspace and GoDaddy. The immediate issue we recognized was that WordPress users could not register new accounts, login and/or site administrators could not log into the admin area of a site.

Symptoms and error messages were:

When logging in, registering or trying to access the admin area of a site, the following error messages would appear after submitting the form.

FireFox

‘The connection was reset’

Chrome

‘Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.’

IE

‘This page can’t be displayed’

Both hosts recognized a large increase in brute force attacks being made on WordPress and simular systems. Both hosts have tired to combat the attacks with changes to their systems which resulted in the conditions described above. At this time Rackspace has provided a workaround (requires a code change) and GoDaddy is working on the issue (check current status here).