Distributed Denial of Service (DDoS) attacks are in fashion these days because of the wide coverage this kind of attack attracts.
According to Daniel Cid, Sucuri CTO and OSSEC founder, Distributed Denial of Service (DDoS) attacks are currently a very serious issue for every website owner.
Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDoS attacks against other sites. Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you're likely very fond of. But it can also be heavily misused, as we are seeing.
He explains what happened to a popular WordPress site that had gone down for many hours due to a DDoS: it was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server. The requests looked like this:
74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"
121.127.254.2 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/3.4.2; http://www.kschunvmo.com"
217.160.253.21 - - [09/Mar/2014:11:05:27 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://www.intoxzone.fr"
193.197.34.216 - - [09/Mar/2014:11:05:27 -0400] "GET /?3162504=9747583 HTTP/1.0" 403 0 "-" "WordPress/2.9.2
All queries had a random value (like "?4137049=643182") that bypassed their cache and forced a full page reload every single time. It was killing their server pretty quickly.
In the course of just a few hours, over 162,000 different and legitimate WordPress sites tried to attack his site. "We would likely have detected a lot more sites, but we decided we had seen enough and blocked the requests at the edge firewall, mostly to avoid filling the logs with junk."
This is definitely a very serious issue, as the attacker uses thousands of popular and clean WordPress sites to perform the DDoS attack through simple pingback requests to the XML-RPC file.
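The flood signature described above (a GET for the front page with a single random numeric key=value query string, so every request misses the cache, sent with the "WordPress/<version>; <site>" User-Agent that WordPress uses when it verifies a pingback) can be checked for in your own access logs. The script below is an added example, not code from the Sucuri post: it parses combined-format log lines, flags the ones matching that pattern and counts how many distinct WordPress sites the requests claim to originate from. The sample log lines are constructed for the example, using documentation IP ranges and example hostnames rather than the real entries quoted above.

```python
"""Flag the WordPress pingback-flood signature in Apache/nginx combined log lines.

Added example (not part of the Sucuri post). Signature, as seen in the log
excerpt: GET "/?<digits>=<digits>" plus a User-Agent of the form
"WordPress/<version>; <URL of the site whose XML-RPC was abused>".
"""
import re
from collections import Counter

# Combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent WordPress sends when fetching a page to verify a pingback.
WP_UA_RE = re.compile(r'^WordPress/(?P<version>[\w.]+); (?P<origin>\S+)$')
# "/?4137049=6431829": front page with one all-digit key and all-digit value.
RANDOM_QUERY_RE = re.compile(r'^/\?\d+=\d+$')


def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_pingback_flood(entry):
    """True when the parsed entry matches the cache-busting pingback flood."""
    if entry is None or entry['method'] != 'GET':
        return False
    return bool(RANDOM_QUERY_RE.match(entry['path']) and WP_UA_RE.match(entry['ua']))


def origin_site(entry):
    """The site named in the WordPress User-Agent, i.e. the abused XML-RPC host."""
    m = WP_UA_RE.match(entry['ua'])
    return m.group('origin') if m else None


def summarize(lines):
    """Return (flood_hits, distinct_origin_sites, Counter of hits per origin)."""
    origins = Counter()
    hits = 0
    for line in lines:
        entry = parse_line(line)
        if is_pingback_flood(entry):
            hits += 1
            origins[origin_site(entry)] += 1
    return hits, len(origins), origins


# Constructed sample log: four flood requests from three abused sites, one
# legitimate pingback verification fetch, one ordinary browser request.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.site-a.example"',
    '192.0.2.11 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/3.4.2; http://www.site-b.example"',
    '192.0.2.12 - - [09/Mar/2014:11:05:28 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://www.site-c.example"',
    '192.0.2.10 - - [09/Mar/2014:11:05:28 -0400] "GET /?1122334=5566778 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.site-a.example"',
    '198.51.100.7 - - [09/Mar/2014:11:06:01 -0400] "GET /2014/03/some-post/ HTTP/1.0" 200 5120 "-" "WordPress/3.8; http://blog.example.org"',
    '203.0.113.5 - - [09/Mar/2014:11:06:02 -0400] "GET /?p=123 HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == '__main__':
    hits, distinct, per_origin = summarize(SAMPLE_LOG)
    print(f'{hits} flood requests from {distinct} distinct WordPress sites')
    for site, count in per_origin.most_common():
        print(f'  {count:5d}  {site}')
```

The per-origin counter is the useful output: each entry is a legitimate site whose XML-RPC endpoint is being abused, so the list is what you would use to notify those site owners, while the source IPs are only worth blocking at the edge, as Sucuri did.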
Daniel Cid gives a few workarounds to stay safe from this kind of attack: you need to disable the XML-RPC (pingback) functionality on your site.
Pingbacks are a pain anyway, because they are the spammers' preferred channel, and we disable them on every WordPress site we work on.
You can also block it by adding the following code to your theme (its functions.php file):
add_filter( 'xmlrpc_methods', function( $methods ) {
    // Remove pingback.ping from the XML-RPC method table, so the site
    // neither accepts incoming pingbacks nor can be told to fetch other sites.
    unset( $methods['pingback.ping'] );
    return $methods;
} );
Sucuri has put together a scanner that will check whether your website has shown up in their logs. The scanner only checks whether your site has been used to attack anyone within their network.
WordPress DDoS Scanner: check whether your site is DDoS'ing other websites.