Huge DDoS attack uses 162,000 innocent WordPress sites

Over 150,000 WordPress blogs running default settings have unwittingly carried out a huge distributed denial of service (DDoS) attack against other sites.

ITPro reports that the attack involved around 162,000 WordPress sites and was carried out using sites that have pingbacks or trackbacks enabled, something that is automatically switched on when a site is created.

The problem only surfaced when a site went down because of the unusually large number of requests it received: the server was completely overloaded, and the site's host shut the site down. The site's owner then contacted Sucuri Research to stop the attack and get the site back online, which is when the true cause of the ambush was discovered.

"Once the DNS was ported we were able to see what was going on, it was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server. All queries had a random value (like "?4137049=643182") that bypassed their cache and forced a full page reload every single time," said Sucuri's CTO Daniel Cid, according to ITPro.
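A victim-side check for the traffic pattern Cid describes, as an added example that is not code from ITPro or the researchers: it scans a web-server access log for cache-busting `?<digits>=<digits>` requests sent by WordPress installations and counts them per originating site and per second. The combined log format, the `WordPress/<version>; <site URL>` User-Agent shape, the threshold and the sample log lines are assumptions made for this illustration.

```python
import re
from collections import Counter

# Combined log format: ip - - [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Cache-busting query of the shape quoted in the article: ?<digits>=<digits>
CACHE_BUST_RE = re.compile(r'\?\d+=\d+$')
# Assumption: WordPress identifies itself as "WordPress/<version>; <site URL>"
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)')

def find_pingback_flood(lines, per_second_threshold=3):
    """Return reflector sites, per-second hit counts and seconds over threshold."""
    sites, per_second = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not combined-format entries
        ua = WP_UA_RE.match(m["ua"])
        if ua and CACHE_BUST_RE.search(m["target"]):
            sites[ua["site"]] += 1
            per_second[m["ts"]] += 1
    bursts = sorted(ts for ts, n in per_second.items() if n >= per_second_threshold)
    return {"sites": sites, "per_second": per_second, "bursts": bursts}

# Constructed sample log (documentation IPs and example domains, not real data)
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:12:00:01 +0000] "GET /?4137049=643182 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"
203.0.113.20 - - [10/Mar/2014:12:00:01 +0000] "GET /?1120033=778120 HTTP/1.0" 200 5120 "-" "WordPress/3.7.1; http://blog-b.example"
192.0.2.44 - - [10/Mar/2014:12:00:01 +0000] "GET /?9983112=120045 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"
192.0.2.9 - - [10/Mar/2014:12:00:01 +0000] "GET /?page=2 HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Mar/2014:12:00:02 +0000] "GET /?5550192=331907 HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog-a.example"
192.0.2.10 - - [10/Mar/2014:12:00:02 +0000] "GET /about/ HTTP/1.1" 200 4410 "-" "WordPress/3.8; http://blog-c.example"
"""

if __name__ == "__main__":
    result = find_pingback_flood(SAMPLE_LOG.splitlines())
    for site, hits in result["sites"].most_common():
        print(f"{hits:4d}  {site}")
    print("seconds over threshold:", result["bursts"])
```

Grouping by the site URL in the User-Agent rather than by source IP shows which blogs are being used as reflectors, which is the information needed to notify their owners.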

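WordPress site owners who think their site has been affected can prevent future attacks by inserting the following piece of code, which removes the pingback method from the site's XML-RPC interface:

add_filter( 'xmlrpc_methods', function( $methods ) {
    // Remove the pingback handler so the site no longer answers pingback requests
    unset( $methods['pingback.ping'] );
    return $methods;
} );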

In addition to inserting that piece of code, any site owner who suspects their site has been attacked can check its URL against a list of logs on Sucuri's page, which will tell website owners whether the site has in fact been hacked.

So far it's unclear how many sites the attack managed to take offline, and it comes a little over a month after CloudFlare admitted that the largest DDoS attack ever to take place on a European network was a sign of "ugly things to come".