TweakTown
Tech content trusted by users in North America and around the world
5,984 Reviews & Articles | 38,652 News Posts

162,000 legitimate WordPress websites used to launch DDoS attacks

Legitimate websites help lend a hand in organized DDoS attacks

| Hacking & Security News | Posted: Mar 12, 2014 9:20 am

Legitimate WordPress sites can be compromised and turned into a weapon to use as part of a distributed denial-of-service (DDoS) attack, according to security researchers. A HTTP-based distributed flood attack from more than 162,000 attacks recently brought down a larger site, with the victim WordPress site forced offline due to a tremendous amount of traffic.

 

TweakTown image news/3/6/36218_01_162_000_legitimate_wordpress_websites_used_to_launch_ddos_attacks.jpg

 

Compromised websites likely didn't realize they were hijacked and used as part of the attack, though administrators can search for XML-RPC "POST" requests in website logs.

 

"Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDoS attacks against other sites," said Daniel Cid, Sucuri CTO, wrote in a blog post. "Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you're likely very fond of."

 

The affected site was allegedly targeted by a rival, though because the perpetrator was hiding behind so many WordPress websites, it's hard to prove responsibility.

NEWS SOURCES:Scmagazine.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts
Check out TweakTown Polls on LockerDome on LockerDome

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases