WordPress

Botnet attack on UBC WordPress websites

For the past 24 hours (since about 10PM on 21st July 2014), UBC IT has detected a large botnet attack specifically targeting WordPress websites. If your site is hosted on UBC CMS or UBC Blogs, you should have no reason for concern. This sort of attack happens regularly and we have systems in place to mitigate against issues of this sort.

As UBC Blogs and UBC Wiki are behind the CWL, attacks don’t reach the servers hosting these services.

For other WordPress websites, outside of CMS and Blogs, you may have noticed a slow-down as their servers may be publicly accessible. If you are the administrator of small-to-medium WordPress websites on campus, I recommend installing and activating the WordFence plugin. This plugin adds several layers of security to your site and should work ‘out of the box’. If you wish to specifically ban the IP addresses being used at the moment, here’s a list of the IP Addresses that we have detected;

  • 83.166.232.57
  • 83.166.232.20
  • 83.166.232.14
  • 83.166.232.56
  • 83.166.232.50
  • 83.166.232.19
  • 83.166.232.15
  • 36.250.243.25
  • 115.211.224.21
  • 180.158.32.58
  • 94.244.25.97
  • 46.35.255.250
  • 37.115.86.78
  • 178.92.211.97
  • 109.196.178.179
  • 173.79.120.88
  • 94.230.93.70
  • 86.170.32.166
  • 77.93.60.68

This list is not exhaustive, but should be a good start. Note, however, that at the moment I don’t recommend WordFence for large WP installs or very high traffic sites. There is a noticeable performance issue. I recommend in that case that you speak to your faculty’s IT department.

Standard