Over 160,000 WordPress Sites Used as Zombies in DDoS Attacks
Are you running WordPress like us? Do you make it a point to update to the latest version as soon as it’s out? If not, then maybe you should.
In a recent massive attack, more than 160,000 WordPress sites were abused to launch “a large HTTP-based (layer 7) distributed flood attack against a target”. These were legitimate WordPress sites hijacked for the attack, so yours could have been one of them.
Security firm Sucuri was brought in to investigate and stop the DDoS attacks, and found that the WordPress sites being abused were the ones that allowed pingbacks.
Note that this option is turned on by default, so unless you disable pingbacks on your blog, your site could be abused in the same way. Alternatively, upgrade to the latest WordPress version now, or use another fix, such as the plugin Sucuri has ready for you.
Sucuri CTO Daniel Cid says:
Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites. Note that XMLRPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused like what we are seeing.
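For site owners who want to keep XML-RPC for mobile apps and remote publishing but stop their blog from answering pingback requests, here is a small must-use plugin written as an added example for this post; it is not Sucuri's plugin or WordPress core code, and it assumes you can place a file in wp-content/mu-plugins/ on your own install.

```php
<?php
/**
 * Plugin Name: Disable Pingback Abuse (illustrative mu-plugin)
 * Description: Removes only the pingback parts of XML-RPC so this site
 *              cannot be recruited into pingback-based layer 7 floods,
 *              while the rest of XML-RPC keeps working.
 * Install:     copy this file into wp-content/mu-plugins/ (assumed path).
 */

// Drop the pingback methods from the XML-RPC method table, so a
// pingback.ping call gets "method does not exist" instead of an
// outbound HTTP request from this server to the named target.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising pingback support in the HTTP response headers.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// Blank the <link rel="pingback"> URL that themes print via bloginfo().
add_filter( 'bloginfo_url', function ( $output, $show ) {
    return ( 'pingback_url' === $show ) ? '' : $output;
}, 10, 2 );

// Force the "Allow link notifications from other blogs" default for new
// posts to off, the same as unticking it under Settings > Discussion.
add_filter( 'pre_option_default_ping_status', function () {
    return 'closed';
} );
```

After installing, a POST to /xmlrpc.php calling pingback.ping should return an XML-RPC fault rather than triggering any outbound request, which you can confirm with the site's own access logs.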
If you want more technical details about how the DDoS attacks were done, you’ll find that in the blog post.
If you want to know if your blog is being used to attack others, you can check out Sucuri’s checker here. You simply have to type your URL in.