More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack

We have been tracking the recent issue of "WordPress Sites Used for Distributed Denial of Service Attack" for a couple of days, and the write-up at Sucuri does a very good job of explaining the issues behind the latest Distributed Denial of Service (DDoS) attack: basically ANY WordPress site with the default install can be used to launch a DDoS attack against a specific target. What happens is that the pingback feature of WordPress is used to bombard a third party with so much traffic that it simply can't handle it.

http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
http://krebsonsecurity.com/2014/03/blogs-of-war-dont-be-cannon-fodder/

Sucuri has done a very good job of giving us a look into their logs of the recent attacks, and I would recommend that ALL WordPress sites be checked against the following service:

http://labs.sucuri.net/?is-my-wordpress-ddosing

If you do decide to disable pingbacks (which is NOT recommended if you do have comments on your posts), then the best option is to disable the XML-RPC function that supports pingback via the following plugin: https://wordpress.org/plugins/disable-xml-rpc/

Note that this will also disable remote posting/editing (as used by the iPad/Android WordPress apps), so tread carefully with this change.

You can also do this yourself, according to Brian Krebs:

As Sucuri notes, for the gearheads who don’t trust plugins, one easy way to block your WordPress blog from participating in these attacks is to create your own plugin that incorporates the following code:

<?php
/* Plugin Name: Disable Pingback Method */
add_filter( 'xmlrpc_methods', function( $methods ) {
    // Remove the pingback.ping XML-RPC method so this site cannot be used for pingback floods.
    unset( $methods['pingback.ping'] );
    return $methods;
} );
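The following is an added example, not code from Sucuri, Brian Krebs, the disable-xml-rpc plugin or WordPress itself. It is a must-use plugin (drop it into wp-content/mu-plugins/) that combines the two approaches discussed above: stripping only the pingback methods from XML-RPC, which keeps remote posting working, and optionally switching XML-RPC off altogether. It uses the WordPress core filters xmlrpc_methods, wp_headers and xmlrpc_enabled, and introduces one hypothetical constant, EXAMPLE_DISABLE_XMLRPC, that you would define in wp-config.php to enable the blunt option.

```php
<?php
/*
Plugin Name: Pingback DDoS Hardening (added example)
Description: Removes the XML-RPC pingback methods and stops advertising pingback support.
*/

// Option A (targeted): keep XML-RPC available for mobile apps and remote publishing,
// but remove the pingback methods, which are the calls a third party abuses to make
// this site fetch an arbitrary URL on its behalf.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising pingback support. WordPress adds an "X-Pingback" response header
// pointing at xmlrpc.php on single post pages; removing it makes the site less
// discoverable as pingback-capable (themes may still print a <link rel="pingback">
// tag in header.php, which has to be removed in the theme).
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// Option B (blunt): disable XML-RPC entirely, as the disable-xml-rpc plugin does.
// This also breaks the iPad/Android apps and any other remote posting, so it is
// off unless the hypothetical constant below is defined in wp-config.php:
//   define( 'EXAMPLE_DISABLE_XMLRPC', true );
// Note that the xmlrpc_enabled filter is only consulted when a call tries to log in,
// so it gates authenticated methods; the unauthenticated pingback methods are
// removed by Option A above regardless of this setting.
if ( defined( 'EXAMPLE_DISABLE_XMLRPC' ) && EXAMPLE_DISABLE_XMLRPC ) {
    add_filter( 'xmlrpc_enabled', '__return_false' );
}
```

After installing it you can verify the change the same way an attacker's scanner would see it: an XML-RPC system.listMethods call against your own site should no longer list pingback.ping, and a single-post page should no longer carry an X-Pingback header.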
