Technology content trusted in North America and globally since 1999
8,227 Reviews & Articles | 62,369 News Posts

162,000 legitimate WordPress websites used to launch DDoS attacks

Legitimate websites help lend a hand in organized DDoS attacks
By: Michael Hatamoto | Hacking & Security News | Posted: Mar 12, 2014 9:20 am

Legitimate WordPress sites can be compromised and turned into a weapon to use as part of a distributed denial-of-service (DDoS) attack, according to security researchers. A HTTP-based distributed flood attack from more than 162,000 attacks recently brought down a larger site, with the victim WordPress site forced offline due to a tremendous amount of traffic.




Compromised websites likely didn't realize they were hijacked and used as part of the attack, though administrators can search for XML-RPC "POST" requests in website logs.


"Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDoS attacks against other sites," said Daniel Cid, Sucuri CTO, wrote in a blog post. "Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you're likely very fond of."


The affected site was allegedly targeted by a rival, though because the perpetrator was hiding behind so many WordPress websites, it's hard to prove responsibility.


Related Tags

Got an opinion on this news? Post a comment below!