export default "data:image/svg+xml;base64,PHN2ZyBhcmlhLWhpZGRlbj0idHJ1ZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2aWV3Qm94PSIwIDAgNjAgNzUiPjxkZWZzPjxzdHlsZT4uYXtmaWxsOiNmZmY7fTwvc3R5bGU+PC9kZWZzPjx0aXRsZT5UUlEtTEdPLVEtUkdCPC90aXRsZT48cGF0aCBjbGFzcz0iYSIgZD0iTTkuNzEsOS41NGEyOC44LDI4LjgsMCwwLDAsMCw0MC42NGwuMTMuMTJoMEwzMy43NCw3My44NlY1OC4yNWExOS43LDE5LjcsMCwwLDAsMi4zOS0uMzUsMjguMjksMjguMjksMCwwLDAsMTQuMTYtNy43MkEyOC43MiwyOC43MiwwLDAsMCw5LjcxLDkuNTRaTTQyLjQ0LDQyLjMyYTE3LjQ2LDE3LjQ2LDAsMCwxLTguNzcsNC43NVY1OFMxOC4wNSw0Mi44LDE3LjU2LDQyLjMxYTE3LjYsMTcuNiwwLDEsMSwyNC44OCwwWiIvPjwvc3ZnPg=="
Torque

A Visual Look at a Real DDoS Attack

Filed Under

Archives

Published

May 10, 2013

1 Comment

With all of the security discussions as of recent it’s been top of mind for many WordPress users and developers alike. Most of us are firming up our security options, downloading plugins, and asking better questions about WordPress security. There are also some that are reminding us that WordPress is secure, so don’t get it twisted!

It’s time to clear up the debate once and for all. Despite all the doubts (and some haters), WordPress core is without a doubt one of the most secure platforms you can choose to put a site on. Of course, a WordPress install is only as secure as the plugins it leverages — but that’s another post for another time.

Other blogs and services, like Sucuri, are constantly overseeing the WordPress ecosystem and much larger technology spectrum for breaches, insights, and best practices – in short, there are a lot of eyes on the challenges that we face as a community and there’s a lot of solutions as well.

But have you ever “seen” what a DDoS attack looks like? Just for the curious, here’s an interesting and short video:

The security team at VideoLan, developers of the highly popular VLC media player, captured this to share with those who have never really “experienced” it (not that you would want to):

According to VideoLan’s Ludovic Fauvet, the servers at get.videolan.org have been dealing with around 400 requests every second. A pattern was quickly identified in the attacks, however, which allowed Fauvet and his teammates to  cut the bad guys off at the pass.

By singling out a common user agent, they’ve been able to tweak Nginx to leave those connections lingering in limbo. Right now, the DDoS requests aren’t accomplishing anything more than generating HTTP 403 errors.

Prior to fortifying their defenses, the VideoLan crew was seeing around 200 downloads of VLC every second — which totalled nearly 30Gbps. Here’s a quick comparative: the massive DDoS that took down Wikipedia was pushing about 10 gigabits every second.

Yikes. There’s something to say about how if you personally were on the receiving end of all of this then you must have a really popular site and service (so kudos to you), but that’s something entirely off-topic.

WordPress core is secure so continue to show WordPress the love that it deserves (and don’t fork it people!).

How do you stay on top of your WordPress game?

A good way to start is to sign up for our weekly newsletter. We keep you up to date by bringing you the freshest WordPress content from the brightest minds in the industry.