CMS based Websites Face Major Threat

  • Post author:
  • Post category:Technical
CMS based Websites Face Major Threat

In today’s day to day life, people around the globe rarely spend much of their time in front of a Television or the newspapers in comparison to the Internet world to grasp the daily happenings. People depend on the Content Management Systems (CMS) to know more of the surrounding NEWS. The basic CMS available in the market are WordPress, Joomla, Drupal etc. But, the question is, are all CMS based websites secure ? The answer is also simple, NO. With this in our mind, the attacks have grown in the form of DDoS and Brute force. These attacks have been taking place for quite some time. Now the attacks have expanded to other platforms too.

Denial of Service (DoS) or Distributed Denial of Service (DDoS) :

The concept for DoS or DDoS is the same. The DoS is some what a marginal when compared to the DDoS. The DDoS shall be using 100’s or 1000’s of machines to bring in affect of the attack. The principle of a DoS / DDoS attack are very simple. The idea and intent is to disrupt your service.

People can think, why DDoS my service ?

Answer :

a. Attackers don’t have any other job left 🙂

b. Political strategy.

c. Something in personal.

d. You have got a competitor.

Brute Force Attack :

The Brute force attack is somewhat similar to the DoS/DDoS but independent in its kind. In the Brute force attacks, the intention is to access the contents or alter the contents.

With the emergence of the CMS based websites, an attacker, while going through the website feels himself already present in the backend virtually. Its as easy as that. A very little effort to peep into your business. For the CMS based website owners never take the trouble about the Security issues. Hence, this makes the Brute force attackers to simplify their job. Brute force is all about the people thing. As brute force focus over the “access”, the attacker would rather check or analyse the possibility of accesses available. When we say access control we’re referring to the websites entry-point (e.g., WordPress – wp-admin / wp-login.php and Joomla – /administrator). In a simple words, the attackers shall look for a simplest way to access through the website and they would use tools to pass a combination of username & password to get the access complete via the admin URL. They will try their luck out and say what, they will certainly get lucky.

admin – 84%

administrator – 4%

root – 4%

are percentage of username used by the Brute force attackers.


password – 14%

admin – 10%

123456 – 6%

are percentage of password used by the Brute force attackers.

Conclusion with the statement that there exists a solution is probably the fact for fooling around. Where the truth is, there is no permanent solution other than maintaining a well built Firewall, strong username, password etc.

Leave a Reply