WordPress installations abused by large DDoS attack




In a large DDoS attack, a feature of WordPress was abused to amplify the attack, a security company reports. The feature in question is XML-RPC, which can be abused to spoof HTTP requests.

WordPress weblogs use the XML-RPC functionality for, among other things, pingbacks, which let a blog know that other blogs have linked to it. That functionality can also be abused, security company Sucuri writes. By spoofing HTTP requests so that they appear to come from a particular website, an attacker makes a WordPress website direct its response at that website.

That happened in a recent attack, in which 162,000 WordPress websites of unsuspecting users were turned against other WordPress sites through XML-RPC. In addition, the caching of the affected sites was circumvented by sending random numbers along with the request, so the WordPress installation had to serve a new page for each request and the database was consulted every time. As a result, the sites quickly went down.

It is not a security vulnerability in WordPress, Sucuri emphasizes; the XML-RPC functionality is regarded as a feature. Nevertheless, administrators of a WordPress website can manually disable the pingback functionality. The security company has published a tool that lets administrators check whether their WordPress installation was abused in the recent attack.
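The traffic pattern described above (many WordPress sites requesting pages with random numbers attached to defeat caching) can be looked for in a targeted site's access log. The following is an added example, not code from the article or from Sucuri. It assumes the Apache/nginx "combined" log format, the `WordPress/<version>; <site URL>` User-Agent that WordPress puts on its own outbound HTTP requests, and that the random numbers show up as an all-numeric query string; the log lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:11:05:27 +0000] "GET /?4137049=6431829 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"
198.51.100.9 - - [10/Mar/2014:11:05:27 +0000] "GET /?8812340=1200457 HTTP/1.0" 200 5120 "-" "WordPress/3.7.1; http://blog-b.example"
198.51.100.7 - - [10/Mar/2014:11:05:28 +0000] "GET /?5550123=9081726 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"
203.0.113.20 - - [10/Mar/2014:11:05:28 +0000] "GET /?p=42 HTTP/1.1" 200 7300 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.21 - - [10/Mar/2014:11:05:29 +0000] "GET /about/ HTTP/1.1" 200 4100 "-" "WordPress/3.8; http://blog-c.example"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# User-Agent of WordPress-originated requests: "WordPress/<version>; <site URL>"
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://\S+)')


def is_cache_buster(target):
    """True when the query string holds only numeric key=value pairs (assumed pattern)."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return bool(pairs) and all(k.isdigit() and v.isdigit() for k, v in pairs)


def find_pingback_flood(log_text):
    """Count suspicious hits per reflecting WordPress site named in the User-Agent."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        ua = WP_UA_RE.match(m["ua"])
        # Both signals must be present: WordPress as the client AND a numeric-only query.
        if ua and is_cache_buster(m["target"]):
            hits[ua["site"]] += 1
    return hits


if __name__ == "__main__":
    for site, count in find_pingback_flood(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {site}")
```

A large number of distinct sites in the result, each contributing a few hits, matches the attack the article describes; a single WordPress site fetching a normal permalink does not.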

