Malware in Italy has reached a new level


I wrote a post back in December 2014 about the surprising volume of attacks on my WordPress blog from computers located in Italy. I’m writing this article to document that the attacks have reached a new level. As of today 5.1% of the computers in the 93.61.72.0/21 subnet (104 of 2048) have attacked my WordPress blog. Not even China has a subnet with 2048 computers wherein one in twenty has attacked my site. I’ve now blacklisted 2451 computers located in Italy for attacking my site. That is more than the next ten countries combined (I’ve blocked 770 computers in China and 741 in America).
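One way to compute a per-subnet figure like the one above from a web server access log, as an added example that is not code from the original post. The log lines are constructed and use documentation address ranges; the function names, the Combined Log Format input and the status-code filter are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Combined Log Format: client address, timestamp, quoted request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def failed_login_sources(lines):
    """Distinct IPv4 clients with at least one failed wp-login.php POST."""
    sources = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line
        ip, method, path, status = m.groups()
        # Assumption: default WordPress answers a failed login with 200
        # (form re-rendered) and a successful one with a 302 redirect.
        if method != "POST" or path.split("?", 1)[0] != "/wp-login.php" or status != "200":
            continue
        try:
            sources.add(ipaddress.IPv4Address(ip))
        except ipaddress.AddressValueError:
            continue  # IPv6 or unparsable client field
    return sources

def subnet_density(sources, prefix_len=21):
    """Per network: (distinct sources, addresses in network, percent)."""
    counts = Counter(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
                     for ip in sources)
    return {net: (n, net.num_addresses, round(100.0 * n / net.num_addresses, 1))
            for net, n in counts.items()}

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2015:08:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [10/Feb/2015:08:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '203.0.113.99 - - [10/Feb/2015:08:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '203.0.113.150 - - [10/Feb/2015:08:02:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '198.51.100.30 - - [10/Feb/2015:08:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '198.51.100.20 - - [10/Feb/2015:08:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890',
    '198.51.100.21 - - [10/Feb/2015:08:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 -',
    '192.0.2.50 - - [10/Feb/2015:08:06:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
]

if __name__ == "__main__":
    density = subnet_density(failed_login_sources(SAMPLE_LOG))
    for net, (n, total, pct) in sorted(density.items(), key=lambda kv: -kv[1][0]):
        print(f"{net}: {n} of {total} addresses ({pct}%)")
```

Each address is counted once however many attempts it makes, so the percentage measures how much of a subnet has taken part rather than the volume of requests.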

I would love to know what attack vector has caused so many computers in Italy to be infected with malware that probes WordPress sites for valid account credentials.

Update 2015-02-06: I haven’t seen a wp-login.php attack from Italy in the past five days. Apparently that botnet was told to focus on some other vulnerability. Still, it would be interesting to learn why that specific attack originated almost exclusively from computers in Italy.

Update 2015-02-10: I spoke too soon. The wp-login.php attacks from Italy have resumed. In the past 24 hours I’ve seen several new addresses from Italy attempt to guess credentials, and many addresses already seen in the past have made another attempt.