Jump to content
aelius

DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

By aelius, in Stiri securitate

Recommended Posts

aelius Grand Master

aelius

Posted
Posted (edited)

In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities. After analyzing the Log file from the victim's server, we have noticed many Wordpress CMS based educational (.EDU) and Government (.GOV) websites from where the attack was originated. In the past we have reported about many such cyber attacks, where attackers hacked into the Wordpress blogs using password brute-force attack or they used the PINGBACK vulnerability in older versions of Wordpress without compromising the server.

WordPress has a built in functionality called Pingback, which allows anyone to initiate a request from WordPress to an arbitrary site and it can be used for a single machine to originate millions of requests from multiple locations.

We have seen more than 100,000 IP addresses involved in the recent DDOS attack and the victim's Forum website received more than 40,000 requests in 7 minutes from different Wordpress blogs and IP addresses. In this recent attack, we have noticed more than 4000 .EDU and .GOV sites along with thousands of other abused sites, including following:

Thousands+of+outdated+.EDU+and+.GOV+WordPress+sites+used+in+DDoS+Attacks.png

These large servers can cause much more damage in DDoS attacks because the servers have the large network bandwidth and are capable of generating significant amounts of traffic. At this time it's not clear that either these Wordpress blogs are compromised or the Pingback vulnerability was used to perform the attack. But It’s always wise to learn from other’s mistake. If you still use 'admin' or common name as a user name on your blog, change it, use a strong password. There are also security plug-ins available, two-factor authentication options available for WordPress and of course make sure you are up-to-date on the latest version of WordPress.

Source: DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs - The Hacker News

My opionion: looks like a lame http flood ;-)

Edited by aelius

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...