Hackers turn 162,000 WordPress sites into DDoS attack tools

11 Mar 2014

Hackers have hijacked more than 162,000 legitimate WordPress sites, connecting them to a criminal botnet and forcing them to mount distributed denial-of-service (DDoS) attacks, according to security firm Sucuri.

Sucuri CTO Daniel Cid said the company uncovered the botnet when analysing an attack targeting one of its customers. Cid said Sucuri managed to trace the source of the attack to legitimate WordPress sites.

"The most interesting part is that all the requests were coming from valid and legitimate WordPress sites. Yes, other WordPress sites were sending random requests at a very large scale and bringing the site down," the blog post read.

"Just in the course of a few hours, over 162,000 different and legitimate WordPress sites tried to attack his site. We would likely have detected a lot more sites, but we decided we had seen enough and blocked the requests at the edge firewall, mostly to avoid filling the logs with junk."

Cid said the attackers mounted the attack using a well-known weakness in WordPress. "One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows, and that all happens with a simple ping-back request to the XML-RPC file," read the post.

"This is a well-known issue within WordPress and the core team is aware of it, it's not something that will be patched, though. In many cases this same issue is categorised as a feature, one that many plugins use, so in there lies the dilemma."

At the time of publishing, WordPress had not responded to V3's request for comment on the Sucuri blog post.

Cid said WordPress users concerned they may be affected should disable the dodgy XML-RPC functionality of their site or download an automated scanner tool from a legitimate security service provider.
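As an added illustration of the mitigation Cid recommends (this is not code from the article or from Sucuri), the following WordPress must-use plugin removes the pingback methods from XML-RPC while leaving the rest of the interface available to legitimate clients. It uses only documented core filters; the file name and the `DISABLE_ALL_XMLRPC` switch are assumptions of this example.

```php
<?php
/**
 * Plugin Name: Disable XML-RPC pingbacks
 * Description: Removes pingback handling so this site cannot be used as a DDoS reflector.
 * Install: copy this file into wp-content/mu-plugins/ (must-use plugins load automatically).
 */

// Set to true to switch off the whole XML-RPC interface instead of only pingbacks.
// That also breaks legitimate XML-RPC clients (mobile apps, some plugins), which is
// exactly the trade-off the article describes. Default: keep XML-RPC, drop pingbacks.
define( 'DISABLE_ALL_XMLRPC', false );

if ( DISABLE_ALL_XMLRPC ) {
    // Core consults this filter before handling any XML-RPC request.
    add_filter( 'xmlrpc_enabled', '__return_false' );
}

// Remove only the pingback methods; every other XML-RPC method keeps working.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising the pingback endpoint in the X-Pingback response header.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// Treat every post as closed to pings, so the site neither accepts nor sends them.
add_filter( 'pings_open', '__return_false' );
```

After installing, a POST to `/xmlrpc.php` calling `pingback.ping` should return an XML-RPC fault for an unknown method rather than triggering an outbound request.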

Gary Sockrider, solutions architect at DDoS mitigation firm Arbor Networks, told V3 that attacks targeting WordPress users are increasing because the platform's lax security makes it an easy target for hackers.

“It’s not uncommon that cyber criminals use PHP web application servers as bots in the attacks. Many WordPress sites, often using the out-of-date TimThumb plugin, were compromised in the past – the same happened to Joomla and other PHP-based applications,” he said.

“Attackers usually target unmaintained servers to which the attackers upload PHP web shells and then use those shells to further deploy attack tools. Attackers connect to the tools either directly or through intermediate servers, proxies or scripts.”

DDoS attacks are a growing problem facing governments and businesses. They are a popular tactic with hacktivist groups looking to knock websites and systems offline by flooding them with requests. In 2014 the tactic has been used against numerous high-profile agencies and companies, including the UK Ministry of Justice.

Alastair Stevenson
Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering journalism, Alastair worked in numerous industries as both a freelance copywriter and an artist.