A large number of WordPress sites were hijacked and turned into sources of DDoS attacks
Recently, Sucuri's security researchers discovered that tens of thousands of WordPress sites were being used to carry out layer 7 DDoS attacks. In total, 26,000 distinct WordPress sites kept sending HTTPS requests to the same target site at a rate of 10,000 to 11,000 requests per second, peaking at 20,000 per second. More seriously, because the pingback feature is enabled by default, any WordPress site in the world can be abused as a source of DDoS traffic.
An HTTP flood is a large-volume traffic attack launched at layer 7 against a web service. It not only slows the response of the attacked web front end directly, but also loads the back end indirectly: the business logic (for example, Java application servers) and the databases behind it come under increased pressure, and even the log storage servers can be affected.
It is recommended that all WordPress-based websites disable pingback as soon as possible. Although this is no guarantee that your own site will not be attacked, it stops attackers from using your site to attack other targets.
The best option is to disable pingbacks together with XML-RPC if you are sure you do not need them. If you do need XML-RPC, you can simply modify the .htaccess file so that only whitelisted IP addresses may access the XML-RPC endpoint. The popular Jetpack plugin can also be used for traffic monitoring.
WordPress's pingback service can be abused for DDoS attacks. The weakness was disclosed long ago, yet a large number of sites still have it, because site owners rarely take deliberate steps to keep their sites from being conscripted into a botnet. And because the traffic in this kind of DDoS attack comes from thousands of different IP addresses, network-based firewalls cannot identify and block it outright; they can only limit how often each individual IP address is allowed to connect.
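From the target's side, per-IP throttling is weak against traffic spread over thousands of reflectors, but the reflected requests are easy to recognise: WordPress sets its own User-Agent on every pingback verification fetch ("WordPress/<version>; <site url>; verifying pingback from <ip>"). The script below is an added example, not code from the article or from Sucuri. It assumes the targeted site keeps an Apache combined-format access log, parses that log, separates pingback-verification requests from ordinary visitors, measures each source IP's peak requests per second (the per-IP limiting the paragraph above describes), and lists the WordPress sites being used as reflectors so their owners or hosts can be notified. All log lines are constructed sample data, and the per-second limit is an assumed tuning value.

```python
"""Spot pingback-reflection traffic in a web server's access log (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent that WordPress itself sends when it verifies a pingback source URL.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<ver>[^;]+); (?P<site>[^;]+); verifying pingback from (?P<client>\S+)$'
)

# Constructed sample lines (not real traffic); host names and IPs are placeholders.
SAMPLE_LOG = """\
198.51.100.10 - - [10/Mar/2014:13:45:01 +0000] "GET /?p=1 HTTP/1.1" 200 5123 "-" "WordPress/3.8.1; http://reflector-a.example; verifying pingback from 203.0.113.9"
198.51.100.10 - - [10/Mar/2014:13:45:01 +0000] "GET /?p=2 HTTP/1.1" 200 5123 "-" "WordPress/3.8.1; http://reflector-a.example; verifying pingback from 203.0.113.9"
198.51.100.10 - - [10/Mar/2014:13:45:01 +0000] "GET /?p=3 HTTP/1.1" 200 5123 "-" "WordPress/3.8.1; http://reflector-a.example; verifying pingback from 203.0.113.9"
198.51.100.11 - - [10/Mar/2014:13:45:01 +0000] "GET /?p=4 HTTP/1.1" 200 5123 "-" "WordPress/3.7.1; https://reflector-b.example; verifying pingback from 203.0.113.9"
198.51.100.12 - - [10/Mar/2014:13:45:02 +0000] "GET /about/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/27.0"
198.51.100.11 - - [10/Mar/2014:13:45:02 +0000] "GET /?p=5 HTTP/1.1" 200 5123 "-" "WordPress/3.7.1; https://reflector-b.example; verifying pingback from 203.0.113.9"
"""


def parse_line(line):
    """Return the fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def pingback_entries(log_text):
    """Keep only requests carrying WordPress's pingback-verification User-Agent."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        ua = PINGBACK_UA_RE.match(entry["ua"])
        if ua:
            entry["reflector"] = ua.group("site")          # the abused WordPress site
            entry["pingback_client"] = ua.group("client")  # IP that sent it the pingback
            out.append(entry)
    return out


def peak_rate_per_ip(entries):
    """Highest number of requests each source IP made within any single second."""
    per_second = defaultdict(Counter)  # ip -> {second -> request count}
    for e in entries:
        per_second[e["ip"]][e["time"].replace(microsecond=0)] += 1
    return {ip: max(counts.values()) for ip, counts in per_second.items()}


def flagged_ips(entries, per_second_limit):
    """Source IPs whose peak rate exceeds the limit; candidates for per-IP throttling."""
    return sorted((ip, peak) for ip, peak in peak_rate_per_ip(entries).items()
                  if peak > per_second_limit)


def reflector_sites(entries):
    """WordPress sites being used as reflectors, with how many requests each sent."""
    return Counter(e["reflector"] for e in entries)


def summarize(log_text, per_second_limit=2):
    """Full picture for one log: volume, IPs over the limit, reflectors, pingback senders."""
    entries = pingback_entries(log_text)
    return {
        "pingback_requests": len(entries),
        "flagged_ips": flagged_ips(entries, per_second_limit),
        "reflectors": dict(reflector_sites(entries)),
        "pingback_clients": sorted({e["pingback_client"] for e in entries}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Matching on the User-Agent rather than on per-IP rate is what lets the target tell reflected pingback traffic from real visitors even when every reflector stays under the rate limit; the reflector list is also what you need to report the abused sites to the hosting providers named below.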
Researchers also found that most of the source websites for the attacks are hosted on well-known VPS/cloud service providers: Amazon AWS, Digital Ocean, Google Cloud, Microsoft Azure, HETZNER, OVH and Linode.
This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com. Source: http://www.internetweblist.com/Web_defense/28666.html