162k wordpress sites used in DDoS attack

Discussion in 'Software Stuff' started by MiniKnight, Mar 12, 2014.

  1. MiniKnight

    MiniKnight Well-Known Member

    #1
  2. nitrobass24

    nitrobass24 Moderator

    Sounds like you don't need to be "infected".

    I wonder what WAF tech they are using under the covers for this service.
     
    #2
  3. Patrick

    Patrick Administrator
    Staff Member

    I have a bit of WP experience at this point. The XML-RPC functionality is actually used a lot by folks who use Microsoft LiveWriter and other tools to write in WP. It has also been a known security nightmare for some time. STH does not have XML-RPC active for that reason.

    The "pingback" functionality in WP is fairly common. It refers basically to the functionality that lets you see when another site has cited a post. You can see on many WP blogs a series of entries in the comments sections with quotes and links to other web properties. This is another functionality STH has had turned off for years now since it is a favorite target for spammers looking to get links to their sites.

    WP spam is absolutely crazy. Last month I think STH got somewhere around 1500 spam comments a day. This month it is averaging over 3000. September 2013 was around 750/day.

    Bottom line is that WP is so widely adopted with tens of millions of installations that it is a huge attack vector. I know that many larger sites such as Tom's and Anandtech are custom written CMS which gives a little "security by obscurity" but we all know that is not worth too much.

    Hopefully that is somewhat useful to those that are not overly versed in the administration side of WordPress. I am by no means a WP expert, but I do have some experience.
     
    #3
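
An added example, not from any poster in this thread: one way to spot pingback abuse in web server logs. It assumes the Apache/nginx "combined" log format; the function name and all sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# WordPress identifies itself on outbound HTTP requests (pingback
# verification included) as "WordPress/<version>; <site URL>".
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^\s;]+)')

def summarize(lines):
    """Return (reflected, xmlrpc_posts).

    reflected:    Counter of WordPress sites fetching pages from us,
                  which is what the target of pingback traffic sees.
    xmlrpc_posts: Counter of client IPs POSTing to /xmlrpc.php, which is
                  what a WordPress operator sees when the site is used.
    """
    reflected, xmlrpc_posts = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ua = WP_UA_RE.match(m["ua"])
        if ua:
            reflected[ua["site"]] += 1
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/xmlrpc.php"):
            xmlrpc_posts[m["ip"]] += 1
    return reflected, xmlrpc_posts

# Constructed sample lines (documentation IP ranges, example domains).
TS = "[12/Mar/2014:10:00:01 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET / HTTP/1.0" 200 512 "-" "WordPress/3.8; http://blog-a.example"',
    f'198.51.100.8 - - {TS} "GET / HTTP/1.0" 200 512 "-" "WordPress/3.7.1; http://blog-b.example"',
    f'198.51.100.7 - - {TS} "GET / HTTP/1.0" 200 512 "-" "WordPress/3.8; http://blog-a.example"',
    f'203.0.113.5 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "curl/7.35.0"',
    f'203.0.113.5 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "curl/7.35.0"',
    f'192.0.2.10 - - {TS} "GET /about/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    reflected, posts = summarize(SAMPLE)
    print("WordPress sites hitting us:", reflected.most_common())
    print("Clients POSTing to xmlrpc.php:", posts.most_common())
```

Access logs do not record request bodies, so the `/xmlrpc.php` count covers every XML-RPC call, including legitimate blogging clients; treat it as a volume signal to investigate, not proof of pingback abuse.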
  4. markpower28

    markpower28 Active Member

    In NetScaler, there is AppFW that can address it.
    Unlike a traditional FW, NetScaler can intercept the traffic and then determine whether it is an attack. Or you can set up rate limiting on the VIP.
     
    #4
  5. nitrobass24

    nitrobass24 Moderator

    That's a thought. Patrick, have you ever considered using NetScaler in front of things? I know they have a free version.
     
    #5
  6. Patrick

    Patrick Administrator
    Staff Member

    The free version of Netscaler only goes up to like 5mbps and STH's peak in March thus far is 45mbps. Not really a big enough issue to be a top 10 thing to solve at this point.
     
    #6
  7. nitrobass24

    nitrobass24 Moderator

    45? Geez, that's a lot of bandwidth... so what is on the top 10 list and how can we help?
     
    #7
  8. markpower28

    markpower28 Active Member

    Hate to keep bringing this up. One of my ecom customers implemented the NetScaler compression. They dropped the bandwidth usage from 80 MB/s to 12 MB/s :)
     
    #8
  9. Patrick

    Patrick Administrator
    Staff Member

    nitrobass24 - 45 is really the peak. 95th is more like 4.4mbps or so just to give you an idea. Not a big deal really since that is under 1/10th the bandwidth STH has (50/95th on a gigabit port)

    In terms of top 10, and outside normal review stuff, here is the backlog: http://forums.servethehome.com/site-organization-suggestions/3302-new-site-feature-backlog.html

    Most of the forums stuff is getting fixed with XF so that is the focus now. The BIG one is still STHbench.

    markpower28 - We are already compressing traffic. The next step really is adding SPDY which should be amazing. Going to wait to get the forums onto XF before switching over. The architecture is really simple now which makes it easy to maintain.
     
    #9