26k WordPress sites attacked with a clever layer 7 DDoS attack

A massive layer 7 DDoS attack affected 26,000 different WordPress websites, leveraging the pingback feature to generate nearly 20,000 HTTPS requests per second.


It seems no one is safe from the mighty DDoS anymore, and you don't even have to eat up anyone's bandwidth to accomplish that feat either. A flaw in WordPress's pingback feature has allowed a layer 7 (application layer) DDoS to take down, and affect, nearly 26,000 different sites using the CMS.


The attackers are flooding the sites with HTTPS requests, in this case pingbacks, which the server logs to the database and tries to process. Because the requests come over HTTPS, the server also has to spend resources negotiating an SSL session for each one, and those resources are then tied up in that work. With enough requests the site slows to a crawl simply because the physical server isn't fast enough. Sending these requests doesn't take much network bandwidth, so at the network layer the traffic can look normal. Yet even 10,000 HTTPS requests per second can take a modestly powerful server offline.

Thankfully the solution is relatively simple: just turn off pingbacks on your site altogether. At the very least, change your .htaccess file to whitelist only the known-good IP addresses within your own community, the ones that aren't part of a botnet. According to Sucuri, application layer DDoS attacks account for around 13% of all DDoS attacks. That's a lot more than you might think.
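The "turn pingbacks off" fix above, as an added example that is not from this article or from Sucuri: a WordPress must-use plugin (drop it into wp-content/mu-plugins/) that removes the XML-RPC pingback methods and stops the site advertising pingback support, while leaving the rest of XML-RPC alone. The file name and plugin name are arbitrary choices for this example; the filters used are standard WordPress hooks.

```php
<?php
/**
 * Plugin Name: Disable Pingbacks (added example)
 * Description: Must-use plugin that turns off WordPress pingbacks. File name
 *              and plugin name are arbitrary choices for this example.
 */

// Remove the pingback methods from the XML-RPC server. pingback.ping is the
// method a remote caller invokes to deliver a pingback, so once it is gone
// xmlrpc.php just answers "unknown method" instead of hitting the database.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising pingback support: drop the X-Pingback response header ...
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// ... and blank the pingback URL that themes print in <head> via bloginfo().
add_filter( 'bloginfo_url', function ( $output, $show ) {
    return ( 'pingback_url' === $show ) ? '' : $output;
}, 10, 2 );

// Treat pings as closed on every post, regardless of per-post settings.
add_filter( 'pings_open', '__return_false', 20 );

// Make "closed" the default ping status for new posts as well.
add_filter( 'pre_option_default_ping_status', function () {
    return 'closed';
} );
```

Confirm the change with a HEAD request against the front page: the X-Pingback header should no longer appear in the response.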

NEWS SOURCE: blog.sucuri.net

Jeff grew up in the Pacific Northwest where he fell in love with gaming and building his own PCs. He's a huge fan of any genre of gaming from RTS to FPS, but especially favors space-sims. Now he's stepped into the adult world by becoming a professional student looking to break into the IT Security world. When he’s not deep in his studies, he’s deep in a new game, revisiting an old game, or testing the extreme limits of his own PC. He's now a news contributor for TweakTown, looking to bring a unique view on technology and gaming.
