Need help? Chat now!

Hostwinds Blog

Search results for:

Thousands of WordPress Sites Hijacked by DDoS Launchers Featured Image

Thousands of WordPress Sites Hijacked by DDoS Launchers

by: Bryon Turcotte  /  March 12, 2014

The California-based security firm Sucuri reports that approximately "_162,000 legitimate WordPress sites_" have been hijacked by hackers and connected to "_a criminal botnet_" which forces each to launch "_distributed denial-of-service (DDoS) attacks_, "according to an article published by the V3.CO.UK website. According to the article, the firm confirms that the hackers were successful at mounting this attack by exploiting "_a well-known flaw in WordPress code_, "according to the article.

The article indicates that Sucuri "uncovered the botnet when analyzing an attack targeting one of its customers_" and successfully traced "_the source of the attack to legitimate WordPress sites." Daniel Cid, Sucuri CTO, was quoted in the article to say," The most interesting part is that all the requests were coming from valid and legitimate WordPress sites. Yes, other WordPress sites were sending random requests at an immense scale and bringing the site down. Just in a few hours, over 162,000 different and legitimate WordPress sites tried to attack his site. We would likely have detected a lot more sites, but we decided we had seen enough and blocked the requests at the edge firewall, mostly to avoid filling the logs with junk."

Arbor Networks'  solutions architect Gary Sockrider was also quoted in the article to say, "It's not uncommon that cybercriminals use PHP web application servers as bots in the attacks. Many WordPress sites, often using the out-of-date TimThumb plugin, were compromised in the past – the same happened to Joomla and other PHP-based applications. Attackers usually target unmaintained servers to which the attackers upload PHP web shells and then use those shells to deploy attack tools further. Attackers connect to the tools either directly or through intermediate servers, proxies or scripts."

Read more about these attacks and how security firms view this WordPress vulnerability, and how the recent wave of troubles affect its users at the full article at V3.CO.UK.

Written by Bryon Turcotte  /  March 12, 2014