More about the botnet

As we already wrote, A botnet is raging all over the world, guessing passwords for sites on popular CMS: Wordpress, Joomla, DLE. This all started around the beginning of April 2013 (for example, news with description) and has not stopped to this day. At first, we analyzed the logs, calculated the most active IP addresses and blocked them. Then they blocked access only to the admin login pages. Over the course of a month, we added about 7,500 IP addresses to the block list, while at the beginning of April there were more than 90,000 infected servers. In general, it’s a pursuit of yesterday that will never end. Today we launched a new anti-brute force system. It's much simpler, more elegant, and doesn't block anything. When entering the admin panel pages, you are prompted to enter a captcha and, if successful, redirects to the admin login page. Bots are cut off, client IP addresses are not blocked. The captcha issues a cookie that is valid for 24 hours, but is reset at 00.00 at night. If you get tired of entering the captcha and your IP address is static, you can contact support - we will add it to the white list. In case of any problems, contact technical support. 08/04/2013. Continuation of the story with botnen