Cyber Attacks Utilise the Pingback Function in 26,000 WordPress Websites

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

February 26, 2016

Researchers at Sucuri reported this week on a series of cyber crime incidents in which a network of some 26,000 WordPress websites was used to launch multiple Layer 7 (application-layer flood) Denial of Service (DoS) attacks.

A Denial of Service (DoS) attack is one in which the perpetrator uses multiple compromised systems, often infected with a Trojan, to launch a single attack on one target system. A Layer 7 (flood) attack is one in which the targeted server is disrupted because its resources and memory are overloaded by the volume of requests.

WordPress Most Attacked CMS

The significance of this attack is that WordPress websites appear to have a vulnerability that allows them to be used by cyber criminals to attack other websites. According to Imperva’s 2015 annual Web Application Attack Report (WAAR), WordPress is now thought to be the most attacked CMS, with around 3.5 times more attacks than non-CMS applications. Only last year, for example, thousands of WordPress sites were attacked or hijacked using malicious ‘Neutrino Exploit Kit’ code. The apparent vulnerability of WordPress to attack is particularly worrying when you consider that WordPress now makes up 25% of all websites.

Popular Attack Against WordPress

The DoS attack seen this week is the most popular kind used against WordPress, and is estimated to make up around 13% of all the attacks involving the system. In this most recent example the perpetrators used a series of IP addresses (in the 185.130.5.0/24 range) to control the botnet of WordPress sites. The 26,000 WordPress websites were then used by the attacker to generate 10,000 to 11,000 HTTPS requests per second against a single website. Servers subjected to a flood of requests of this kind cannot handle the load, memory consumption rises sharply, and the operation of the server is seriously disrupted.

Some Protection Was In Place

The frequency of this kind of attack against WordPress led to an IP logging feature being added in version 3.9, so that the IP address from which a ‘pingback’ request originated is recorded. This should mean that the attacker’s IP appears in the user agent of the requests the WordPress sites send, and therefore in the targeted server’s logs. In this most recent case, however, the perpetrators were able to carry out the attack despite the logging feature being in place.
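The following is an added example, not code from the original article or from WordPress, showing how a defender can use the logging feature just described: it parses constructed Apache combined-format access log lines, picks out the requests that WordPress sites send while verifying a pingback, and groups them by the address named in the "verifying pingback from" part of the user agent, so the controlling address behind a flood arriving from many WordPress hosts becomes visible. The user-agent layout follows what WordPress 3.9 and later send; the log lines, host names and IP addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log format: client, identity, user, timestamp, request,
# status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# WordPress 3.9+ appends the address that submitted the pingback to the
# User-Agent of the request it makes to verify that pingback.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<version>[\d.]+); (?P<site>\S+); verifying pingback from (?P<origin>\S+)$'
)

# Constructed sample: three unrelated WordPress sites verifying pingbacks that a
# single address asked them to send, plus one ordinary browser request.
SAMPLE_LOG = """\
198.51.100.10 - - [26/Feb/2016:10:00:01 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; http://blog-one.example; verifying pingback from 203.0.113.7"
198.51.100.11 - - [26/Feb/2016:10:00:01 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.3.1; http://blog-two.example; verifying pingback from 203.0.113.7"
192.0.2.44 - - [26/Feb/2016:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/44.0"
198.51.100.12 - - [26/Feb/2016:10:00:02 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; http://blog-three.example; verifying pingback from 203.0.113.7"
198.51.100.10 - - [26/Feb/2016:10:00:03 +0000] "GET /?p=1234 HTTP/1.1" 200 5120 "-" "WordPress/4.4.2; http://blog-one.example; verifying pingback from 203.0.113.7"
"""

def parse_pingback_requests(log_text):
    """Yield (source_ip, origin_ip, site_url) for each pingback verification request."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole batch
        ua = PINGBACK_UA_RE.match(m.group("ua"))
        if ua:
            yield m.group("src"), ua.group("origin"), ua.group("site")

def summarise_pingback_flood(log_text):
    """Return {origin_ip: {"requests": n, "reflectors": k}}, where k is the
    number of distinct WordPress hosts that origin_ip caused to send requests."""
    requests = Counter()
    reflectors = defaultdict(set)
    for src, origin, _site in parse_pingback_requests(log_text):
        requests[origin] += 1
        reflectors[origin].add(src)
    return {o: {"requests": requests[o], "reflectors": len(reflectors[o])} for o in requests}

if __name__ == "__main__":
    for origin, stats in summarise_pingback_flood(SAMPLE_LOG).items():
        print(f"{origin}: {stats['requests']} pingback requests via {stats['reflectors']} WordPress hosts")
```

A single origin address fanning out across many distinct WordPress hosts is the pattern to alert on; a legitimate pingback verification comes from one site about one link.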

What Can You Do To Protect Your Website?

If you have a WordPress website for your business, one step you can take to prevent it being used as part of a larger attack against other sites is to disable pingbacks. It is the pingback feature of WordPress that has repeatedly been responsible for so many of these attacks.
