
Warning: Your WordPress Site May Be Part Of A Pingback DDoS Botnet Attack {Just Ask Kim}

**The posts I write might contain affiliate links or be written in collaboration with businesses or brands. Please see my disclosure policy for more information.**

**This is reposted with permission from Just Ask Kim {Castleberry}.**

Did you know your WordPress blog could be contributing to the Pingback DDoS Botnet Attacks on sites like Aweber, Meetup and Hootsuite? Online media guru Kim Castleberry wrote an excellent article on this subject and on how you can protect yourself. Enjoy!

You’ve likely heard me (continue to) mention the need to tighten up your WordPress security efforts due to a HUGE spike in attacks on WordPress sites. This is unfortunately simply a downside of using the most popular CMS software available.
Screenshot: WordFence Live View blocking attacks

WordFence reports they are currently observing 9500+ attacks per minute –
and that’s only counting sites they can monitor!

There are a lot of attack types happening at the moment – and a lot of things we’re going to discuss over the next week (so be sure to be on my email list!).

… but right now we have to tackle one serious current part of it.

I’m going to explain what’s happening – but if it makes your eyes glaze over, jump down to the “Solution” or “Summary” section below and DO THAT!

What’s Happening With the WordPress DDoS Attack Botnet

Over the last couple weeks you’ve likely heard me talk again and again about the increase in attacks on WordPress. There are several types of attacks going on and today we’re just going to cover ONE of them.

You’ve likely also heard me talking about the DDoS attacks on sites like Aweber, GetResponse, and MeetUp.com.

Most people are unaware that these two things are directly related: the attacks on WordPress sites are the source of the DDoS attacks on those services. Yikes!

Generally speaking, rather than relying only on the older method of infecting your computers, attackers have moved to abusing WordPress sites that they can then control like “zombies” (as they still do with your computers too), and use them to carry out other attacks.

These abused sites are then used to attack other WordPress sites… and to attack the real target, in this case any site that the attacker wants to “punish” and forcibly crash with a DDoS attack.

We started seeing another increase in XMLRPC class attacks on our WordPress sites more than a year ago. Regular readers will remember me suggesting to disable XMLRPC to help control this risk. But, at the time, we didn’t know WHY XMLRPC was being attacked so badly.

Now we see it all happening again; this time the hackers have gotten more powerful, and it’s obvious what the destination is.

WordPress’s XML-RPC interface (xmlrpc.php) exposes a pingback.ping method that takes two URLs: the “source” page that supposedly linked to you and the “target” post on your site. To verify the pingback, WordPress fetches the source URL. Because this method needs no login, an attacker can simply hand your site the victim’s URL as the “source”, and your WP installation makes the request for them. The hacker does not have to break in at all to get your site sending pings to a destination site.

This becomes  a “Pingback Botnet”. Sucuri posted about 160,000 WordPress sites being used in a DDoS attack. And this number has been growing!

Each of these pings is trivial on its own… but when multiplied by MILLIONS they’re anything but trivial.

In fact, they result in a DDoS attack, which is a “Distributed Denial of Service” attack: Distributed because the traffic comes from many sources at once (and this is VERY VERY HARD to stop, since there is no single address to block), and Denial of Service because the requests flood the site and exhaust the server’s resources until it stops responding (over and over and over).

And thus, it’s possible that your site has been contributing to attacks on other sites… and if it is not currently, it’s likely it will be in the very near future if you don’t take some action.

You can test to see if your site was used in the WordPress Pingback Botnet by using Sucuri’s WordPress DDoS scanner.  Don’t feel too cocky though if you test clean – because this thing is spreading like wildfire.
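If you would rather check your own site directly, here is a small standalone PHP script, added here as an example (it is not part of Kim’s post and not Sucuri’s scanner). It POSTs a single system.listMethods call to your xmlrpc.php and reports whether pingback.ping is among the advertised methods. The endpoint URL is a placeholder assumption; replace it with your own site. It changes nothing on the site and sends no pingbacks.

```php
<?php
// pingback-check.php (added example): does this xmlrpc.php still expose pingback.ping?
// Run:  php pingback-check.php https://your-site.example/xmlrpc.php
// The default endpoint below is a placeholder, not a real site.

/** XML-RPC request body for system.listMethods (the call takes no parameters). */
function list_methods_request(): string {
    return '<?xml version="1.0"?>'
         . '<methodCall><methodName>system.listMethods</methodName><params/></methodCall>';
}

/** Parse a methodResponse and return the method names it lists (empty on error/fault). */
function parse_method_list(string $body): array {
    $prev = libxml_use_internal_errors(true);   // HTML error pages are not XML; don't warn
    $xml  = simplexml_load_string($body);
    libxml_use_internal_errors($prev);
    if ($xml === false) {
        return [];
    }
    // system.listMethods answers with one <array> of <string> values.
    $nodes = $xml->xpath('/methodResponse/params/param/value/array/data/value/string');
    return array_map('strval', $nodes ?: []);
}

/** True when the pingback method is advertised, i.e. the site can be abused as a pingback bot. */
function pingback_exposed(array $methods): bool {
    return in_array('pingback.ping', $methods, true);
}

$endpoint = $argv[1] ?? 'https://example.com/xmlrpc.php';   // placeholder
$ctx = stream_context_create(['http' => [
    'method'        => 'POST',
    'header'        => "Content-Type: text/xml\r\nUser-Agent: pingback-check/1.0\r\n",
    'content'       => list_methods_request(),
    'timeout'       => 10,
    'ignore_errors' => true,   // keep the body on 4xx/5xx so we can tell what happened
]]);
$body = @file_get_contents($endpoint, false, $ctx);

if ($body === false) {
    fwrite(STDERR, "No response from $endpoint (offline, blocked, or not WordPress?)\n");
    exit(2);
}
$methods = parse_method_list($body);
if (!$methods) {
    echo "xmlrpc.php did not answer system.listMethods: XML-RPC is disabled or returned an error.\n";
    exit(0);
}
echo pingback_exposed($methods)
    ? "pingback.ping is ENABLED on $endpoint: this site can be used in a pingback DDoS.\n"
    : "pingback.ping is not advertised on $endpoint.\n";
```

A site that blocks xmlrpc.php outright (for example with a 403 from the web server) shows up as “did not answer”, which is also safe. Only the “ENABLED” result means action is needed.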

Solution: Keeping YOUR WordPress Site From Participating In The WordPress DDoS Attack Botnet
Read more at http://just-ask-kim.com/wordpress-pingback-ddos-attack/

(or read Summary below)

In Summary

  1. Learn more about the threat: Sucuri
  2. Install the Remove XMLRPC Pingback Ping plugin to protect your site from unknowingly enlisting in the next Pingback Botnet: Remove XMLRPC Pingback Ping.
  3. (Optional) Test your site using the steps here.
  4. Install WordFence and Better WP Security to increase your site’s defenses. (Disable duplicate tools to reduce conflicts.)
  5. Ensure you’re taking high-quality backups of your site, using a tool like BackupBuddy.
  6. Be on the lookout for my WordPress Security course soon!
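For readers who prefer a drop-in file to another plugin, the following must-use plugin is an added example of what step 2 accomplishes. It is not the Remove XMLRPC Pingback Ping plugin’s own code, and it assumes a standard WordPress install where you can create wp-content/mu-plugins/. It uses only core WordPress filters: xmlrpc_methods (the XML-RPC method table), wp_headers (the X-Pingback response header) and bloginfo_url (the pingback URL themes print in the page head).

```php
<?php
/**
 * Plugin Name: Disable XML-RPC Pingbacks (added example)
 * Description: Save as wp-content/mu-plugins/disable-pingback.php. Removes the
 *              pingback.ping XML-RPC method so this site cannot be abused as a
 *              pingback DDoS bot, and stops advertising the pingback endpoint.
 */

// 1. Remove the pingback methods from the XML-RPC method table.
//    With the method gone, an attacker's pingback.ping request gets an
//    "unknown method" fault and WordPress never fetches the attacker-chosen
//    "source" URL, which is the request that hits the DDoS victim.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. Stop advertising the endpoint. WordPress sends an X-Pingback header with
//    the xmlrpc.php URL on every page; botnet scanners harvest it.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// 3. Most themes print <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>">
//    in header.php. Blank that URL so the page no longer points at xmlrpc.php.
add_filter( 'bloginfo_url', function ( $output, $show ) {
    return ( 'pingback_url' === $show ) ? '' : $output;
}, 10, 2 );

// Caveat: add_filter( 'xmlrpc_enabled', '__return_false' ) is NOT enough on its own.
// That filter only disables the XML-RPC methods that require a login, and
// pingback.ping needs no login, so it would still be reachable. Removing the
// method as in step 1 (or blocking xmlrpc.php at the web server) is what closes it.
```

After dropping the file in place, confirm the change took effect by POSTing a system.listMethods call to your xmlrpc.php (or re-running Sucuri’s scanner): pingback.ping should no longer appear in the list. Note that this also stops your site from receiving legitimate pingbacks, which for most blogs is no loss.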

Keep You Safe Online!
~ Kim ~
Simple Tech Tips For Marketing
