Over 162,000 WordPress sites exploited in DDoS attack
Posted on 11 March 2014.
DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks.

Sucuri CTO Daniel Cid revealed details of a recent incident in which the company received a plea for help from a popular WordPress site. The site was first downed by a DDoS attack and then, when the attack went on for a while, taken offline by its hosting firm.

After the site signed up for Sucuri's website firewall, Sucuri was able to see where the flood of requests was coming from.

"It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server," Cid shared in a blog post. The queries forced the page to reload fully every single time.

The requests were coming from 162,000 different (and possibly even more) legitimate WordPress sites, and what allowed the attacker to make these WP sites query the target was "a simple pingback request to the XML-RPC file."

The pingback functionality can easily be disabled (and Cid explains how), but the bad news is that it is here to stay, as many plugins use it.

If you run a WordPress site, you can use this online tool to check whether it is being misused in amplification attacks such as this one.
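As an added example (not code from the article or from Sucuri), the kind of reflector-side check a WordPress site owner could run over their own web server access log: parse combined-format log lines (the sample lines below are constructed) and flag client IPs that POST to xmlrpc.php at an abnormal rate, since every such pingback request asks the site to fetch a URL on the sender's behalf. The threshold and log format are assumptions for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" log format (assumed). Fields used: client IP,
# timestamp, request method and path, and user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one client hammering xmlrpc.php, one genuine
# WordPress-to-WordPress pingback, and one ordinary page view.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Mar/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Mar/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "Mozilla/5.0"
198.51.100.4 - - [11/Mar/2014:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "WordPress/3.8.1; http://blog.example"
192.0.2.9 - - [11/Mar/2014:10:00:03 +0000] "GET /2014/03/post/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Mar/2014:10:00:59 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "Mozilla/5.0"
"""


def parse(lines):
    """Yield parsed records; lines that do not match the format are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec


def xmlrpc_posts_per_minute(lines):
    """Count POST /xmlrpc.php requests per (client IP, one-minute bucket)."""
    buckets = Counter()
    for rec in parse(lines):
        if rec["method"] == "POST" and rec["path"].startswith("/xmlrpc.php"):
            buckets[(rec["ip"], rec["ts"].replace(second=0))] += 1
    return buckets


def suspicious_sources(lines, threshold=3):
    """Return {ip: peak per-minute xmlrpc.php POST count} for IPs at or above threshold."""
    peaks = {}
    for (ip, _minute), n in xmlrpc_posts_per_minute(lines).items():
        if n >= threshold:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks


if __name__ == "__main__":
    for ip, n in sorted(suspicious_sources(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {n} xmlrpc.php POSTs within one minute")
```

A site that needs no pingbacks at all can go further and block POSTs to xmlrpc.php outright, which is the "disable it" option Cid describes.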