1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPsQuote
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an active attack targeting over a million WordPress sites. Over the past 36 hours, the Wordfence network has blocked over 13.7 million attacks targeting four different plugins and several Epsilon Framework themes across over 1.6 million sites and originating from over 16,000 different IP addresses.
(https://images.weserv.nl/?url=www.wordfence.com%2Fwp-content%2Fuploads%2F2021%2F12%2FScreen-Shot-2021-12-09-at-2.06.11-PM.png)
The top 10 offending IPs over the past 36 hours include:
144.91.111.6 (DE, Contabo) with 430,067 attacks blocked.
185.9.156.158 (TR, SPDNet) with 277,111 attacks blocked.
195.2.76.246 (RU, VDSina) with 274,574 attacks blocked.
37.187.137.177 (FR, OVH) with 216,888 attacks blocked.
51.75.123.243 (FR, OVH) with 205,143 attacks blocked.
185.200.241.249 (RU, Timeweb) with 194,979 attacks blocked.
62.171.130.153 (DE, Contabo) with 192,778 attacks blocked.
185.93.181.158 (GB, M247) with 181,508 attacks blocked.
188.120.230.132 (RU, FirstVDS) with 158,873 attacks blocked.
104.251.211.115 (US, Nodisto) with 153,350 attacks blocked.
(https://images.weserv.nl/?url=www.wordfence.com%2Fwp-content%2Fuploads%2F2021%2F12%2FScreen-Shot-2021-12-09-at-2.18.22-PM.png)
https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/ (https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/)
https://web.archive.org/web/20211210124605/https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/ (https://web.archive.org/web/20211210124605/https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/)
https://archive.md/tIh6a (https://archive.md/tIh6a)