GIVEAWAY: Sabrent Rocket Q 8TB NVMe PCIe M.2 SSD worth $2000!

162,000 legitimate WordPress websites used to launch DDoS attacks

Legitimate websites help lend a hand in organized DDoS attacks.

Published Wed, Mar 12 2014 4:20 AM CDT   |   Updated Mon, Oct 19 2020 8:15 PM CDT

Legitimate WordPress sites can be compromised and turned into a weapon to use as part of a distributed denial-of-service (DDoS) attack, according to security researchers. A HTTP-based distributed flood attack from more than 162,000 attacks recently brought down a larger site, with the victim WordPress site forced offline due to a tremendous amount of traffic.

162,000 legitimate WordPress websites used to launch DDoS attacks | TweakTown.com

Compromised websites likely didn't realize they were hijacked and used as part of the attack, though administrators can search for XML-RPC "POST" requests in website logs.

"Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDoS attacks against other sites," said Daniel Cid, Sucuri CTO, wrote in a blog post. "Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you're likely very fond of."

The affected site was allegedly targeted by a rival, though because the perpetrator was hiding behind so many WordPress websites, it's hard to prove responsibility.

NEWS SOURCE:scmagazine.com

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles