Large DDoS attack brings WordPress pingback abuse back into spotlight

Lucian Constantin | March 12, 2014
Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri.

However, this is not the first time Web security firms have reported DDoS attacks leveraging the WordPress pingback functionality. Security firm Incapsula reported that in July 2013 one of its customers was targeted in a pingback DDoS attack from 50,000 bots that generated a total of 8 million page hits at a rate of 1,000 hits per second.

Many Web application firewalls are likely to have detection and blocking rules for this type of attack already. The Sucuri blog post also contains a snippet of code that WordPress site owners can add to their themes to disable the pingback feature and prevent their sites from being misused in attacks.
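A sketch of the kind of blocking rule described above, added here as an illustration; it is not Sucuri's snippet or any vendor's WAF rule. It assumes the filter sees each request's HTTP method, path and raw body, and the function names, size cap and sample bodies are constructed for this example.

```python
import xmlrpc.client

MAX_BODY = 64 * 1024            # assumed cap; a pingback call is a few hundred bytes
BLOCKED = {"pingback.ping"}     # XML-RPC method behind the pingback feature

def xmlrpc_methods(body):
    """Return every method name an XML-RPC request invokes, including
    calls batched inside system.multicall."""
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("oversized body or DTD present")
    try:
        # A real XML parser decodes character references, so a name written
        # as "pingback&#46;ping" cannot slip past the way it would a regex.
        params, method = xmlrpc.client.loads(body)
    except Exception as exc:
        raise ValueError("not a valid XML-RPC call") from exc
    names = [method] if method else []
    if method == "system.multicall" and params and isinstance(params[0], list):
        names += [str(c.get("methodName", "")) for c in params[0]
                  if isinstance(c, dict)]
    return [n.strip() for n in names]   # normalise padding defensively

def should_block(http_method, path, body):
    """True if the request should be refused before it reaches WordPress."""
    if http_method.upper() != "POST":
        return False
    if not path.split("?", 1)[0].endswith("/xmlrpc.php"):
        return False
    try:
        return any(n in BLOCKED for n in xmlrpc_methods(body))
    except ValueError:
        return True                     # fail closed on anything unparseable

# Constructed sample request bodies (not captured traffic).
_ARGS = ("http://source.example/post", "http://target.example/page")
PING = xmlrpc.client.dumps(_ARGS, "pingback.ping").encode()
ENCODED = PING.replace(b"pingback.ping", b"pingback&#46;ping")
MULTI = xmlrpc.client.dumps(
    ([{"methodName": "pingback.ping", "params": list(_ARGS)}],),
    "system.multicall").encode()
BENIGN = xmlrpc.client.dumps((), "system.listMethods").encode()

if __name__ == "__main__":
    for label, body in [("ping", PING), ("encoded", ENCODED),
                        ("multicall", MULTI), ("benign", BENIGN)]:
        print(label, should_block("POST", "/xmlrpc.php", body))
```

Inspecting the decoded method name rather than the raw bytes is what lets the rule catch entity-encoded and multicall-wrapped calls while leaving other XML-RPC methods usable.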

