Web Hosting And Domain Registration

6 Million Password Attacks in 16 Hours

This is from an article from  Wordfence which is one of the 3 different firewalls we have installed on EACH of our web sites

16 hour period from Sunday 2/14 until Monday 2/15

Last week in the President’s cyber security op-ed in the Wall Street Journal he implored Americans to move beyond simple passwords and to enable two factor authentication or cellphone sign-in.

One of the things we monitor at Wordfence is the number of brute force attacks on WordPress websites. Brute force attacks are password guessing attacks, where an attacker tries to sign in as you by guessing your password.

To give you an idea of the level of attacks in the wild, we gathered data on brute force attacks across the sites we protect within a 16 hour Window starting Sunday until Monday (yesterday) at 2pm Pacific time.

Here are the highlights. Remember, this is only over a 16 hour window which is relatively short.

During this time we saw a total of 6,611,909 attacks targeting 72,532 individual websites. We saw attacks during this time from 8,941 unique IP addresses and the average number of attacks per victim website was 6.26.

The total number of attacking IP’s was actually 55,391 but we only counted IP’s that generated more than 10 failed logins across all sites. That way we excluded accidental login failures.

So where are these attacks coming from. The results are not what you would expect. The table below shows the total number of attacks (brute force login attempts in this case) ordered by country:
Brute Force Attacks by Country during our 16 hour window.

Brute Force Attacks by Country.

The Ukraine is the top offender, but there is a specific reason for this which we explain below. The United States is second. Our hypothesis is that this is where most data centers are based and therefore most compromised sites, from which attacks are launched, will be based in the USA.

You’ll notice that the Ukraine is at the top of the list. Over 86% of those attacks come from just two IP addresses at a Ukrainian hosting provider. These two IP’s generated 2.4 Million attacks between the two of them.

During just 16 hours, they targeted 37,454 unique victims.

The two attackers that we analyzed are based at a Ukrainian hosting provider. They caused their Ukrainian hosting provider to account for more attacks than the next 19 hosting providers, combined.

We currently record attack information at a rate of 114 attacks per second. Analyzing data like this at Wordfence helps us understand the changing attack landscape and how to better protect our customers.