The security community is threatened by a new botnet composed at least 162,000 WordPress-powered websites abused to run DDoS attacks. The technique of attack allows to flood a target with requests sent by WordPress servers that received a specifically crafted spoofed Web request. The requests sent to the WordPress servers appear to come from the target site, so the attackers are able to amplify they fire capability.
The discovery was made by experts from security firm Sucuri that counted more than 162,000 legitimate WordPress sites targeting the web site of a company customer.
“Can you see how powerful it can be?” “One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file.” states the blog post published by the company.
The attack targets the XML-RPC implemented by web sites running WordPress and many other Web applications that offer services such as pingbacks, trackbacks, and remote access to some users.
A similar attack is considerable as an “application DDoS” conducted with ISO/OSI application layer requests, exactly like HTTP DDoS attack, despite its magnitude is significantly lower respect a DNS amplification DDoS attack or an NTP based DDoS.
One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file:
$ curl -D - "www.anywordpresssite.com/xmlrpc.php" -d '<methodCall><methodName>pingback.ping</methodName><params><param><value><string>http://victim.com</string></value></param><param><value><string>www.anywordpresssite.com/postchosen</string></value></param></params></methodCall>'
To discover if your WordPress instance is abused to conduct DDoS attack it is possible to run an online scan with this tool proposed by Sucury firm, the post also provides instructions to improve security of the WordPress like adding the following code to a site theme:
add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods[‘pingback.ping’] );
return $methods;
} );
Be aware, because filter could have an impact on your website because the numerous functionalities based on XML-RPC protocol. We can conclude that DDoS attacks are becoming even more popular and attackers are adopting new and original techniques.
(Security Affairs – WordPress, DDoS)
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and…
As Middle East tensions rise, cyberattacks hit Iran’s government branches and nuclear facilities, following Israel's…
Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup &…
GitLab issued updates for CE and EE to address multiple flaws, including a critical bug…
OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used…
The Internet Archive disclosed a data breach, the security incident impacted more than 31 million…
This website uses cookies.