Over 162,000 WordPress sites exploited in DDoS attack
Posted on 11 March 2014.
DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks.

Sucuri CTO Daniel Cid revealed details of a recent incident in which the company received a plea for help from a popular WordPress site. The site was taken down first by a DDoS attack and then, when the attack went on for a while, by its hosting firm.


After the site signed up for the company's website firewall, the company discovered where the flood of requests was coming from.

"It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server," Cid shared in a blog post. The queries forced the page to reload fully every single time.

The requests were coming from 162,000 different (and possibly even more) legitimate WordPress sites, and what allowed the attacker to make these WP sites query the target was "a simple ping back request to the XML-RPC file."

The pingback functionality can easily be disabled (and Cid explains how), but the bad news is that it is here to stay, as many plugins use it.

If you run a WordPress site, you can use this online tool to check whether it is being misused in amplification attacks such as this one.
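An added example, not from Sucuri or the original article: a victim-side check over web access logs for the pattern described above, where many distinct WordPress sites send requests to one target. It assumes combined log format and WordPress's default `WordPress/<version>; <site URL>` User-Agent; the log lines, hostnames, per-request query strings and the `min_reflectors` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: client IP, request line, status, size, referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# WordPress's HTTP API sends "WordPress/<version>; <site URL>" as its User-Agent.
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)')


def summarize_wp_flood(lines, min_reflectors=3):
    """Group requests sent by WordPress installs by the site named in the User-Agent."""
    per_site, paths, total = Counter(), set(), 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined log format
        total += 1
        ua = WP_UA_RE.match(m.group("ua"))
        if ua:
            per_site[ua.group("site").rstrip("/")] += 1
            paths.add(m.group("path"))
    return {
        "total": total,
        "wp_requests": sum(per_site.values()),
        "reflectors": len(per_site),   # distinct WordPress sites sending requests
        "unique_paths": len(paths),    # many distinct URLs suggests cache bypass
        "suspected": len(per_site) >= min_reflectors,  # threshold is an assumption
        "top": per_site.most_common(3),
    }


# Constructed sample log lines (documentation IP ranges, made-up hostnames).
_T = '[09/Mar/2014:11:05:27 -0400]'
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET /?1111111=2222222 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"',
    f'198.51.100.7 - - {_T} "GET /?3333333=4444444 HTTP/1.0" 200 5120 "-" "WordPress/3.7.1; http://blog-b.example/"',
    f'203.0.113.5 - - {_T} "GET /?5555555=6666666 HTTP/1.0" 200 5120 "-" "WordPress/3.8.1; http://blog-c.example"',
    f'192.0.2.10 - - {_T} "GET /?7777777=8888888 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"',
    f'192.0.2.99 - - {_T} "GET /about/ HTTP/1.1" 200 2048 "http://www.example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for key, value in summarize_wp_flood(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A high `reflectors` count with `unique_paths` close to `wp_requests` is the signature to look for; ordinary browser traffic is counted in `total` but never in `wp_requests`.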









Copyright 1998-2014 by Help Net Security.