Published on March 12th, 2014 📆 | 6518 Views ⚑0
162,000 vulnerable WordPress websites abused to perform DDoS Attack
DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability (CVE-2013-0235) - “Pingback Denial of Service possibility”.
According to security company Sucuri, in a recent amplification attack more than 162,000 legitimate WordPress sites were abused to launch a large-scale ddos attack.
The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress, use to provide services such as Pingbacks, trackbacks, which allows anyone to initiate a request from WordPress to an arbitrary site.
The functionality should be used to generate cross references between blogs, but it can easily be used for a single machine to originate millions of requests from multiple locations.
"Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDoS attacks against other sites,” Sucuri researcher said in the blog post.
The Pingback mechanism has been known to be a security risk for some time. XML-RPC is enabled by default on WordPress and websites with no protection mechanism are vulnerable to this attack.