Over 160,000 WordPress Sites Used as Zombies in DDoS Attacks

3/13/2014 by Noemi Tasarra-Twigg 2 Comments

Are you running WordPress like us? Do you make it a point to update to the latest version as soon as it’s out? If not, then maybe you should.

In a recent massive attack, more than 160,000 WordPress sites were used to launch “a large HTTP-based (layer 7) distributed flood attack against a target”. These were legitimate WordPress sites that were abused for the attack, so yours could actually have been one of them!

Security firm Sucuri was tasked with investigating and stopping the DDoS attacks, and what it found was that the vulnerable WordPress sites were the ones that allowed pingbacks.

This option is turned on by default, so unless you disallow pingbacks on your blog, your site could be taken advantage of as well. Your choices are to disable pingbacks, upgrade to the latest WordPress version now, or find another solution, such as a plugin that Sucuri conveniently has ready for you. 😉

Sucuri CTO Daniel Cid says:

Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites. Note that XMLRPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused like what we are seeing.

If you want more technical details about how the DDoS attacks were done, you’ll find that in the blog post.

If you want to know if your blog is being used to attack others, you can check out Sucuri’s checker here. You simply have to type your URL in.
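
You can also look at your own server: a site being abused this way receives bursts of POST requests to xmlrpc.php, and those show up in the web server access log. The script below is an added example, not code from Sucuri or from this post; it assumes the Apache/nginx combined log format, runs on constructed sample lines, and uses an arbitrary threshold of 3. Access logs do not record the request body, so it counts all XML-RPC POSTs per client rather than pingbacks specifically.

```python
import re
from collections import Counter

# Combined log format (assumed):
# ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def xmlrpc_posts(lines):
    """Yield (ip, time, status) for every POST that targets xmlrpc.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and non-POST requests
        # Ignore the query string and match the script name case-insensitively.
        path = m["path"].split("?", 1)[0].lower()
        if path.endswith("/xmlrpc.php"):
            yield m["ip"], m["time"], int(m["status"])

def noisy_sources(lines, threshold=3):
    """Return {ip: count} for clients with at least `threshold` XML-RPC POSTs."""
    counts = Counter(ip for ip, _, _ in xmlrpc_posts(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [13/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.20 - - [13/Mar/2014:10:00:02 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Mar/2014:10:00:03 +0000] "POST /blog/XMLRPC.php?x=1 HTTP/1.0" 200 370 "-" "-"
192.0.2.55 - - [13/Mar/2014:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 812 "-" "MobileApp/1.0"
198.51.100.20 - - [13/Mar/2014:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
malformed line that the parser should skip
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(noisy_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {n} POSTs to xmlrpc.php")
```

To use it on a real log, pass an open file object to `noisy_sources` and raise the threshold to something above what your mobile apps and publishing tools normally generate.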

Author: Noemi Tasarra-Twigg

Editor of Splashpress Media, writer, and geek bitten by the travel bug.

Filed Under: News Tagged With: DDoS

Comments

  1. IBN says

    3/17/2014 at 6:20 pm

    Your article is very good. http://Www.sites-promotion.com

  2. Dean Saliba says

    3/26/2014 at 12:28 pm

    It is rather scary how easily most of these blogs are taken over. Thankfully my web host put in place two captchas to be completed in order to get access to the admin login page, which has kept all of mine safe. Updating to the latest version and keeping an eye on the abandoned and poorly written plugins is also important.

    Recently my host has been asking me to delete the XMLRPC.php file from WordPress as these hackers are trying to get in through this file as well.
