More than 100,000 WordPress Sites Used for DDoS Attacks
Techradar.com reported on March 12th, 2014, that security experts have warned that more than 100,000 WordPress websites have been conscripted into a botnet that makes them unwittingly launch distributed denial-of-service (DDoS) attacks.
Notably, WordPress is an open source blogging platform and content management system (CMS) that is used by millions of websites across the Internet.
Security firm Sucuri analyzed an attack aimed at one of its customers and traced the botnet and the source of the assault to genuine WordPress websites.
Theregister.com, in news published on March 12th, 2014, quoted Sean Power, Security Operations Manager of DOSarrest, a DDoS-mitigation technology services firm, as saying of the newest attack: "the attack relied on exploiting vulnerabilities in old versions of WordPress, and this type of issue has been known ever since 2007, and the exact problem battered in the recent run of attacks was fixed over a year ago in a WordPress core release in January last year."
Techradar.com, in news published on March 12th, 2014, quoted network security company Lancope as saying "criminals sought to set up a supply chain for hijacked connected systems for their botnets."
Techradar.com, in news published on March 12th, 2014, quoted Tim Keanini, CTO of Lancope, as saying "cybercriminals carry on to innovate and hit upon vulnerabilities to exploit for their criminal activity to their limitless supply of targets."
He said that this sort of hacking problem was going to get worse as the industry moves towards the "Internet of Things."
Security experts say that WordPress-enabled attacks are just one technique in a growing arsenal of powerful DDoS weapons. Other techniques include abuse of the Internet's time-synchronization protocol and misuse of open domain name system servers to amplify traffic. Crooks have also waged enormously powerful DDoS attacks using botnets of WordPress servers, and the increase in assaults shows that there is no shortage of ways to inflict crippling damage on the Internet.
Security experts described the workaround for the most recent attack as disabling the dodgy XML-RPC functionality of a site, or downloading an automated scanner tool from a genuine security service supplier.
» SPAMfighter News - 21-03-2014