Hackers turn 162,000 WordPress sites into DDoS attack tools

DDoS attackHackers have hijacked more than 162,000 legitimate WordPress sites, connecting them to a criminal botnet and forcing them to mount distributed denial-of-service (DDoS) attacks, according to security firm Sucuri.

Sucuri CTO Daniel Cid said the company uncovered the botnet when analysing an attack targeting one of its customers. Cid said Sucuri managed to trace the source of the attack to legitimate WordPress sites.

"The most interesting part is that all the requests were coming from valid and legitimate WordPress sites. Yes, other WordPress sites were sending random requests at a very large scale and bringing the site down," read the blog.

"Just in the course of a few hours, over 162,000 different and legitimate WordPress sites tried to attack his site. We would likely have detected a lot more sites, but we decided we had seen enough and blocked the requests at the edge firewall, mostly to avoid filling the logs with junk."

Cid said the attackers successfully mounted the scam using a well-known flaw in WordPress code. "One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows, and that all happens with a simple ping-back request to the XML-RPC file," read the post.

"This is a well-known issue within WordPress and the core team is aware of it, it's not something that will be patched, though. In many cases this same issue is categorised as a feature, one that many plugins use, so in there lies the dilemma."

At the time of publishing, WordPress had not responded to V3's request for comment on the Sucuri blog post.

Cid said WordPress users concerned they may be affected should disable the dodgy XML-RPC functionality of their site or download an automated scanner tool from a legitimate security service provider.
Gary Sockrider, solutions architect at DDoS mitigation firm Arbor Networks, told V3 that attacks targeting WordPress users are increasing as the site's lax security makes it easy for hackers.

Read the rest of this post ---->
Share on Google Plus

About Doru Somcutean

Hello, my name is Somcutean Doru and I'm from Romania.

I really like to read reviews and see what's new about technology, on D-BLOG I share with you articles/reviews that I find interesting. I also write some reviews in romanian...

My second blog is D-NEWS , here are some movie reviews , my favorite songs or clips that I like...is more like a personal blog...so please don't get in because you'll get really bored.

I hope you like it!

0 comentarii:

Post a Comment