Cyber Attacks Utilise the Pingback Function in 26,000 WordPress Websites
Researchers at Sucuri reported this week a series of cyber crime incidents in which a network of 26,000 WordPress websites was used to launch multiple Layer 7 (application-layer HTTP flood) Denial of Service (DoS) attacks.
WordPress Most Attacked CMS
The significance of this attack is that WordPress websites carry a weakness, the pingback function, that allows cyber criminals to turn them against other websites. According to Imperva's 2015 annual Web Application Attack Report (WAAR), WordPress is now thought to be the most attacked CMS, receiving around 3.5 times more attacks than non-CMS applications.
Popular Attack Against WordPress
DoS is the most popular kind of attack used against WordPress, estimated to make up around 13% of all attacks involving the system. In this most recent example the perpetrators used a series of IP addresses (in the 126.96.36.199/24 range) to control the botnet of WordPress sites. The 26,000 WordPress websites were then used to generate 10,000 to 11,000 HTTPS requests per second against a single target website.
Some Protection Was In Place
The frequency of this kind of attack against WordPress led to an IP logging feature being added in version 3.9, which records the IP address from which a 'pingback' request originated. Each pingback verification request a WordPress site sends now carries that originating IP in its User-Agent string, so the attacker's IP should appear in the target's access log. In this most recent case, however, the perpetrators were able to carry out the attack despite the logging feature being in place.
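As an added example (not from the article or from WordPress itself), the following script shows how a target site's operator can use that version 3.9 logging feature: it parses combined-format access log lines, picks out WordPress pingback verification requests, and lists any originating IP that appears behind several unrelated WordPress hosts, which is the signature of a reflected flood. The log lines, hostnames and the `min_reflectors` threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (combined format), not from the article.
# Since WordPress 3.9 a pingback verification fetch announces the reflecting site
# and the IP that requested the pingback in its User-Agent:
#   "WordPress/<ver>; <reflector-url>; verifying pingback from <origin-ip>"
SAMPLE_LOG = """\
198.51.100.10 - - [10/Feb/2016:10:00:01 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; http://blog-a.example; verifying pingback from 126.96.36.199"
198.51.100.11 - - [10/Feb/2016:10:00:01 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.1; http://blog-b.example; verifying pingback from 126.96.36.199"
198.51.100.12 - - [10/Feb/2016:10:00:02 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/3.8; http://old-blog.example"
203.0.113.7 - - [10/Feb/2016:10:00:02 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/44.0"
198.51.100.13 - - [10/Feb/2016:10:00:03 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; http://blog-c.example; verifying pingback from 126.96.36.200"
"""

# Group 1: client IP (the reflecting WordPress host), group 2: User-Agent
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Group 1: WordPress version, group 2: reflector URL, group 3: origin IP (3.9+ only)
UA_RE = re.compile(r'^WordPress/(\S+); (\S+?)(?:; verifying pingback from (\S+))?$')


def analyse_pingback_traffic(log_text):
    """Summarise WordPress pingback verification fetches found in log text."""
    reflectors = Counter()               # client IP -> number of fetches
    origin_reflectors = defaultdict(set)  # claimed origin IP -> reflecting hosts
    pingbacks = legacy = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client_ip, user_agent = m.groups()
        ua = UA_RE.match(user_agent)
        if not ua:
            continue  # ordinary browser or other traffic
        pingbacks += 1
        reflectors[client_ip] += 1
        if ua.group(3):
            origin_reflectors[ua.group(3)].add(client_ip)
        else:
            legacy += 1  # WordPress < 3.9 logs no origin IP
    return {"pingbacks": pingbacks, "reflectors": reflectors,
            "origin_reflectors": dict(origin_reflectors), "legacy": legacy}


def suspected_controllers(stats, min_reflectors=2):
    """Origin IPs seen behind at least `min_reflectors` distinct WordPress hosts."""
    return sorted(ip for ip, hosts in stats["origin_reflectors"].items()
                  if len(hosts) >= min_reflectors)


if __name__ == "__main__":
    stats = analyse_pingback_traffic(SAMPLE_LOG)
    print(f"{stats['pingbacks']} pingback fetches from {len(stats['reflectors'])} hosts, "
          f"{stats['legacy']} without origin IP")
    print("suspected controllers:", suspected_controllers(stats))
```

Fetches from pre-3.9 installs are counted separately because they carry no origin IP, which is exactly the gap the logging feature was meant to close.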
What Can You Do To Protect Your Website?
If you have a WordPress website for your business, one step (other than abandoning WordPress) that you can take to prevent it being used as part of a larger attack against other sites is to disable pingbacks.