162k wordpress sites used in DDoS attack

nitrobass24

Moderator
Dec 26, 2010
TX
Sounds like you don't need to be "infected".

I wonder what WAF tech they are using under the covers for this service.
 

Patrick

Administrator
Staff member
Dec 21, 2010
I have a bit of WP experience at this point. The XML-RPC functionality is actually used a lot by folks who use Microsoft LiveWriter and other tools to write in WP. It has also been a known security nightmare for some time. STH does not have XML-RPC active for that reason.

The "pingback" functionality in WP is fairly common. It basically refers to the functionality that lets you see when another site has cited a post. You can see on many WP blogs a series of entries in the comments sections with quotes and links to other web properties. This is another piece of functionality STH has had turned off for years now, since it is a favorite target for spammers looking to get links to their sites.

WP spam is absolutely crazy. Last month I think STH got somewhere around 1500 spam comments a day. This month it is averaging over 3000. September 2013 was around 750/day.

Bottom line is that WP is so widely adopted, with tens of millions of installations, that it is a huge attack vector. I know that many larger sites such as Tom's and Anandtech are custom-written CMSs, which gives a little "security by obscurity", but we all know that is not worth too much.

Hopefully that is somewhat useful to those that are not overly versed in the administration side of WordPress. I am by no means a WP expert, but I do have some experience.
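Two log checks for the pingback abuse described above, as an added example (not STH's or WordPress's own code): the first flags a client flooding xmlrpc.php on a site being used as a reflector; the second tallies the verification fetches that core WordPress sends with a "verifying pingback from" User-Agent, which is what a targeted site sees in its access log. The log lines are constructed and the threshold is an assumption.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; the User-Agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent that core WordPress sends when it fetches a page to verify a pingback.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/[\d.]+; (?P<site>\S+); verifying pingback from (?P<claimed>\S+)$'
)
# Constructed sample lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Mar/2014:10:00:02 +0000] "GET /xmlrpc.php HTTP/1.1" 405 0 "-" "curl/7.35"',
    '192.0.2.10 - - [10/Mar/2014:10:00:03 +0000] "GET /?4123 HTTP/1.0" 200 9031 "-" '
    '"WordPress/3.8.1; http://blog-a.example; verifying pingback from 203.0.113.5"',
    '192.0.2.11 - - [10/Mar/2014:10:00:03 +0000] "GET /?8812 HTTP/1.0" 200 9031 "-" '
    '"WordPress/3.8.1; http://blog-a.example; verifying pingback from 203.0.113.5"',
    '192.0.2.12 - - [10/Mar/2014:10:00:04 +0000] "GET /?0071 HTTP/1.0" 200 9031 "-" '
    '"WordPress/3.6; http://blog-b.example; verifying pingback from 203.0.113.5"',
]

def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def reflector_sources(lines, threshold=3):
    """Site used as a reflector: clients POSTing to xmlrpc.php at least `threshold` times (assumed value)."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST" and rec["path"].split("?")[0].endswith("/xmlrpc.php"):
            hits[rec["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def pingback_verifiers(lines):
    """Site being targeted: {advertised blog URL: fetch count}. The 'from' address is attacker-supplied."""
    sites = Counter()
    for rec in filter(None, map(parse, lines)):
        m = PINGBACK_UA_RE.match(rec["ua"])
        if m:
            sites[m.group("site")] += 1
    return dict(sites)

if __name__ == "__main__":
    print("reflector sources:", reflector_sources(SAMPLE_LOG))
    print("pingback verifiers:", pingback_verifiers(SAMPLE_LOG))
```

The distinct blog URLs from the second check are the population of abused installs; the address after "from" is the spoofed value the attacker supplied in the pingback call, so it identifies nothing on its own.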
 

markpower28

Active Member
Apr 9, 2013
In NetScaler, there is AppFW that can address it.
Unlike a traditional FW, NetScaler can intercept the traffic and then determine the attack. Or you can set up rate limiting on the VIP.
 

nitrobass24

Moderator
Dec 26, 2010
TX
That's a thought. Patrick, have you ever considered using NetScaler in front of things? I know they have a free version.
 

Patrick

Administrator
Staff member
Dec 21, 2010
The free version of NetScaler only goes up to like 5 Mbps and STH's peak in March thus far is 45 Mbps. Not really a big enough issue to be a top 10 thing to solve at this point.
 

markpower28

Active Member
Apr 9, 2013
Hate to keep bringing this up. One of my e-commerce customers implemented NetScaler compression; they dropped the bandwidth usage from 80 MB/s to 12 MB/s :)
 

Patrick

Administrator
Staff member
Dec 21, 2010
nitrobass24 - 45 is really the peak. 95th is more like 4.4 Mbps or so, just to give you an idea. Not a big deal really, since that is under 1/10th the bandwidth STH has (50/95th on a gigabit port).

In terms of top 10, and outside normal review stuff, here is the backlog: http://forums.servethehome.com/site-organization-suggestions/3302-new-site-feature-backlog.html

Most of the forums stuff is getting fixed with XF so that is the focus now. The BIG one is still STHbench.

markpower28 - We are already compressing traffic. The next step really is adding SPDY which should be amazing. Going to wait to get the forums onto XF before switching over. The architecture is really simple now which makes it easy to maintain.