Over 162,000 WordPress sites exploited in DDoS attack
Posted on 11 March 2014.
DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks.

Sucuri CTO Daniel Cid revealed details of a recent incident in which they received a plea for help from a popular WordPress site. The site was downed first by a DDoS, and then, when it went on for a while, by their hosting firm.


After they signed up for the company's website firewall, the company discovered from where the flood of requests was coming.

"It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server," Cid shared in a blog post. The queries forced the page to reload fully every single time.

The requests were coming from 162,000 different (and possibly even more) legitimate WordPress sites, and what allowed the attacker to make these WP sites query the target was "a simple ping back request to the XML-RPC file."

The pingback functionality can easily be disabled (and Cid explains how), but the bad news is that it is here to stay, as many plugins use it.

If you run a WordPress site, you can use this online tool to check whether it is being misused amplification attacks such as this one.









Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //