Since last week we are seeing increased attempts on our network to break into Magento webshops by using so called brute force attacks — automatically trying random passwords until one matches. Here is the amount of Magento specific probes for the last 10 days.
This worrying trend is confirmed by the Magento developer community; several agencies have reported compromised shops as a result of brute force attacks.
If you are hosted on Hypernode, we will automatically block the majority of attacks using our adaptive filtering technology. If you are hosted elsewhere, we have documented how to protect against Magento brute force attacks. Spoiler: 1) use strong passwords 2) change your admin URL 3) IP protect the /downloader url 4) Use an Intrusion Prevention System.
Want to help us with large scale analysis and fend off even more attacks? We are hiring 😉