• Thursday , 17 January 2019

DDoS Attack Leverages 162,000 WordPress Sites

ddosattack2In what appears to be one of the larger attacks that we now know about, a group of hackers was able to exploit 162,000 innocent WordPress sites in order to launch a DDoS attack against a “popular” WordPress blog, taking the site down for several hours.

A DDoS attack like this uses these sites to perform many requests of the site per second, forcing a full reload each time.  The server then gets overloaded, causing the website to shut down.

While this attack seems rather tame compared to the more recent “Mega attacks” on sites like Namecheap and Cloudflare, this attack is still interesting because it could have been generated by one individual.  The fact that someone can harness the power of that many sites and direct and attack is alarming.  In the wrong hands it could easily disrupt important events and cause other trouble.

What is a DDoS attack exactly?  The point of this sort of attack is to render the website or machine useless to its intended users.  This basically means crashing it or knocking it offline due to server overload.  There is a slight clarification between a DoS attack and a DDoS attack – DoS is done through one person or machine, and DDoS is a distributed attack spread across several people, machines, or bots.  In the case above, the DDoS harnessed the WordPress sites to spread the attack.

Typical targets of DDoS attacks include banks, payment gateways, and even some video game servers (from unhappy gamers).

Attacks can be carried out in various ways, including the recruitment of other vulnerable computers or websites.  These recruits are known as bots, and are under the control of the “botmaster”.

Both Kaspersky Labs and Symantec have identified botnets — not spam, viruses, or worms — as the biggest threat to Internet security. (TechTarget)

What can you do to keep yourself protected from becoming an instrument in one of these attacks?  You should definitely focus on keeping your computer as up to date as possible with all of the latest security updates.  You should also consider getting antimalware software such as Spyhunter 4 and Norton 360.  In addition, if you’re a webmaster, ensure that your website is always up to date with the latest versions of any software you’re using (such as WordPress) and also ensure that any plugins are up to date as well.

Related Posts

Leave A Comment