WordPress users beware: hackers are using brute force to target WordPress sites.
Attackers are exploiting WordPress pingback—a feature that allows sites to cross-reference blog posts—to launch a distributed denial-of-service (DDoS) attack on WordPress websites!
In a recent post on the Sucuri blog, CTO Daniel Cid indicated that all WordPress sites that have pingback enabled can be used as zombies in the attack.
This was exemplified when security researchers discovered that over 160,000 legitimate WordPress sites, all with the pingback feature enabled, were being used as pawns to run a large HTTP-based attack (layer 7, the application layer) on a well-known WordPress site.
Dan Goodin explained the attack in this Ars Technica article:
By sending spoofed Web requests in a way that made them appear to come from the target site, the attacker was able to trick the WordPress servers into bombarding the target with more traffic than it could handle ... the attack is notable for targeting XML-RPC.
This attack is particularly alarming because your site might be infected and you wouldn't even know it. To make sure your WordPress site is not being used to attack other WordPress sites, Daniel from Sucuri advised:
To verify, look through your logs for any POST requests to the XML-RPC file, similar to the one below. If you see a pingback to a random URL, you know your site is being misused.
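One way to automate that log check, as an added example that is not from the Sucuri post or the Torque article: the first function scans access-log lines for POST requests to xmlrpc.php, and the second parses captured XML-RPC request bodies (which a normal access log does not record) to see which host each pingback.ping would make WordPress fetch. The log lines, request bodies and host names are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlparse

# Constructed sample access-log lines (Combined Log Format); not from the original post.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2014:10:01:02 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.5 - - [10/Mar/2014:10:01:03 -0400] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.7 - - [10/Mar/2014:10:01:05 -0400] "GET /2014/03/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2014:10:01:09 -0400] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

def xmlrpc_posts(log_text):
    """Return (client_ip, timestamp) for every POST to xmlrpc.php found in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0].endswith("/xmlrpc.php"):
            hits.append((m["ip"], m["time"]))
    return hits

def parse_pingback(body):
    """Return (sourceURI, targetURI) if body is a pingback.ping call, else None."""
    root = ET.fromstring(body)
    if root.findtext("methodName") != "pingback.ping":
        return None
    params = [p.findtext("value/string") for p in root.findall("params/param")]
    return (params[0], params[1]) if len(params) == 2 else None

def pingback_source_hosts(bodies):
    """Count the hosts WordPress would be made to fetch; one host dominating is the abuse pattern."""
    counts = Counter()
    for body in bodies:
        parsed = parse_pingback(body)
        if parsed:
            counts[urlparse(parsed[0]).hostname] += 1
    return counts

# Constructed pingback bodies: the attacker-supplied sourceURI points at one victim host
# with a random query string, while targetURI is a real post on the misused site.
SAMPLE_BODIES = [
    f"""<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName><params>
<param><value><string>http://victim.example/?{n}</string></value></param>
<param><value><string>http://zombie.example/2014/03/hello-world/</string></value></param>
</params></methodCall>""" for n in (4821, 9913, 1207)
]

if __name__ == "__main__":
    for ip, when in xmlrpc_posts(SAMPLE_LOG):
        print(f"POST to xmlrpc.php from {ip} at {when}")
    print(pingback_source_hosts(SAMPLE_BODIES))
```

A handful of pingbacks from real blogs that link to you is normal; many requests whose sourceURI all resolve to the same unrelated host is the sign your site is being used as a zombie.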
There are options if you know your website is infected, and there are ways to protect your WordPress site. Read about them on the Sucuri blog.
What steps do you take to secure your WordPress sites?
Marie Dodson is an editorial assistant at Torque. She graduated from Cornell University with a degree in Biology and Society. She enjoys wine, good books, and travel.