Over 162,000 WordPress sites exploited in DDoS attack
Posted on 11 March 2014.
DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks.

Sucuri CTO Daniel Cid revealed details of a recent incident in which the company received a plea for help from a popular WordPress site. The site was first taken down by a DDoS attack and then, when the attack went on for a while, by its hosting firm.


After the site's owners signed up for Sucuri's website firewall, the company discovered where the flood of requests was coming from.

"It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server," Cid shared in a blog post. The queries forced the page to reload fully every single time.

The requests were coming from 162,000 different (and possibly even more) legitimate WordPress sites, and what allowed the attacker to make these WP sites query the target was "a simple ping back request to the XML-RPC file."
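The following is an added example, not code from the article or from Sucuri. It shows the defender's view of the attack described above: a small access-log analyser that tells a site operator whether they are the target of reflected pingback traffic (requests whose User-Agent is WordPress core's pingback verification string, which names the reflecting site and the address that sent it the pingback) or whether their own WordPress site is being used as a reflector (a burst of POST requests to xmlrpc.php). The combined log format, the sample lines and addresses, and the flood thresholds are constructed assumptions for this example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" format. Addresses and
# hostnames are made up for this example and are not from the article.
SAMPLE_LOG_LINES = [
    '203.0.113.10 - - [11/Mar/2014:10:00:01 +0000] "GET /?123456=789 HTTP/1.0" 200 48211 "-" '
    '"WordPress/3.8; http://blog-a.example; verifying pingback from 198.51.100.7"',
    '203.0.113.11 - - [11/Mar/2014:10:00:01 +0000] "GET /?223456=789 HTTP/1.0" 200 48211 "-" '
    '"WordPress/3.7.1; http://blog-b.example; verifying pingback from 198.51.100.7"',
    '203.0.113.10 - - [11/Mar/2014:10:00:02 +0000] "GET /?323456=789 HTTP/1.0" 200 48211 "-" '
    '"WordPress/3.8; http://blog-a.example; verifying pingback from 198.51.100.7"',
    '192.0.2.50 - - [11/Mar/2014:10:00:02 +0000] "GET /about/ HTTP/1.1" 200 10342 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [11/Mar/2014:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" '
    '"python-requests/2.2"',
    '203.0.113.12 - - [11/Mar/2014:10:00:03 +0000] "GET /?423456=789 HTTP/1.0" 200 48211 "-" '
    '"WordPress/3.8.1; http://blog-c.example; verifying pingback from 198.51.100.7"',
]

# Apache/nginx "combined" log format (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# User-Agent that WordPress core sends when it fetches the target page to verify
# a pingback: "WordPress/<version>; <reflecting site>; verifying pingback from <ip>".
# <ip> is the address that sent pingback.ping to the reflecting site.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/[\w.]+; (?P<site>https?://\S+); verifying pingback from (?P<origin>\S+)$'
)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Label a parsed entry: reflected pingback fetch, inbound XML-RPC POST, or other."""
    ua_match = PINGBACK_UA_RE.match(entry["ua"])
    if ua_match:
        return "reflected_pingback", ua_match.groupdict()
    if entry["method"] == "POST" and entry["path"].startswith("/xmlrpc.php"):
        return "xmlrpc_post", {}
    return "other", {}


def analyze(lines):
    """Aggregate evidence of pingback reflection from an iterable of log lines."""
    report = {
        "reflected_hits": 0,       # page fetches made by other WP sites verifying a pingback
        "reflectors": set(),       # distinct WordPress sites doing the fetching
        "origins": Counter(),      # addresses those sites say sent them the pingback
        "cache_busting_hits": 0,   # reflected fetches carrying a query string (forces a full reload)
        "xmlrpc_posts": 0,         # inbound pingback-style POSTs: our site used as a reflector?
        "other": 0,
        "unparsed": 0,
    }
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            report["unparsed"] += 1
            continue
        kind, extra = classify(entry)
        if kind == "reflected_pingback":
            report["reflected_hits"] += 1
            report["reflectors"].add(extra["site"])
            report["origins"][extra["origin"]] += 1
            if "?" in entry["path"]:
                report["cache_busting_hits"] += 1
        elif kind == "xmlrpc_post":
            report["xmlrpc_posts"] += 1
        else:
            report["other"] += 1
    return report


def is_pingback_flood(report, min_hits=100, min_reflectors=50):
    """Assumed alert rule: many reflected fetches from many distinct WordPress sites."""
    return (report["reflected_hits"] >= min_hits
            and len(report["reflectors"]) >= min_reflectors)


if __name__ == "__main__":
    r = analyze(SAMPLE_LOG_LINES)
    print(f"reflected pingback fetches: {r['reflected_hits']} "
          f"from {len(r['reflectors'])} distinct WordPress sites")
    print(f"addresses that sent the pingbacks: {dict(r['origins'])}")
    print(f"inbound POSTs to xmlrpc.php: {r['xmlrpc_posts']}")
    print("flood:", is_pingback_flood(r, min_hits=3, min_reflectors=2))
```

The `origins` counter is the useful pivot: every reflecting site reports the address that sent it the pingback.ping call, so one address recurring across many distinct reflectors points at the host driving the reflection rather than at the WordPress sites themselves, which are victims too. The thresholds in `is_pingback_flood` are placeholders to be tuned to a site's normal pingback volume.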

The pingback functionality can easily be disabled (and Cid explains how), but the bad news is that it is here to stay, as many plugins use it.

If you run a WordPress site, you can use this online tool to check whether it is being misused in amplification attacks such as this one.
Copyright 1998-2014 by Help Net Security.