Feeds

MUM's WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Well, it's statistically reasonably likely. Just update to 3.8.1, OK?

Top 5 reasons to deploy VMware with Tegile

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks.

More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help.

Security experts discovered that the attack traffic was coming from WordPress sites with pingbacks enabled on blog posts, which is on by default. Pingbacks allow automatic backlinks to be created when other websites link to a page on a WordPress blog.

The problem can be fixed by installing a simple plugin, as explained by Sucuri CTO and OSSEC Founder Daniel Cid in a blog post.

"Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites," Cid explains. "Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused."

Sean Power, security operations manager for DOSarrest, a DDoS mitigation technology services firm, said the attack relied on exploiting vulnerabilities in old versions of WordPress. This type of issue has been known about since 2007 and the specific problem abused in the latest run of attacks was fixed more than a year ago in a WordPress core release in January 2013.

"Attackers exploited a vulnerability in the core WordPress application and therefore it could be used for malicious purposes in DDoS attacks," Power explained. "The fix for this feature was actually released in the 3.5.1 version of WordPress in January 2013 and would be picked up by most good vulnerability scanners.

"This is a prime example of how users aren't regularly performing updates to their websites, because if they were, we wouldn't still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw,” Power added.

WordPress is an open source blogging platform and content management system (CMS) that's used by millions of websites across the interwebs. ®

Remote control for virtualized desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.