Using unsuspecting WordPress sites as amplification vectors, a hacker takes down a popular Web site for hours.

March 11, 2014 8:25 PM PDT

With some old-fashioned trickery, hackers were able to get more than 162,000 legitimate WordPress-powered Web sites to mount a distributed-denial-of-service attack against another Web site, security researchers said Monday.
Security firm Sucuri said hackers leveraged a well-known flaw in WordPress that allows an attack to be amplified by harnessing unsuspecting Web sites. It’s unclear which site was the victim of the cyberattack, but Sucuri said it was a “popular WordPress site” that went down for many hours.

“It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server,” Sucuri chief technology officer Daniel Cid said in a blog post. “All queries had a random value (like “?4137049=643182”) that bypassed their cache and forced a full page reload every single time. It was killing their server pretty quickly.”
While hundreds of requests per second don’t seem that big when looking at other recent DDoS attacks — like the ones against Namecheap and a CloudFlare customer last month that reached volumes from 100 gigabits per second to 400 gigabits per second — Cid said this attack is still remarkable since it could have originated from just one person.
“Can you see how powerful it can be?” he wrote. “One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows.”
(Via Ars Technica).
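
The cache-bypassing requests Cid describes leave a recognizable trace in the target's access log: many clients requesting the same path, each with a never-repeated numeric `key=value` query. The following detection sketch is an added example, not code from Sucuri or the original article; the log lines are constructed, and the function names and thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:10:00:01 +0000] "GET /?4137049=643182 HTTP/1.0" 200 5120 "-" "-"
203.0.113.20 - - [10/Mar/2014:10:00:01 +0000] "GET /?9182736=118822 HTTP/1.0" 200 5120 "-" "-"
192.0.2.55 - - [10/Mar/2014:10:00:02 +0000] "GET /?5550123=774411 HTTP/1.0" 200 5120 "-" "-"
198.51.100.91 - - [10/Mar/2014:10:00:02 +0000] "GET /?3141592=653589 HTTP/1.0" 200 5120 "-" "-"
203.0.113.20 - - [10/Mar/2014:10:00:03 +0000] "GET /?2718281=828459 HTTP/1.0" 200 5120 "-" "-"
192.0.2.10 - - [10/Mar/2014:10:00:03 +0000] "GET /?p=12 HTTP/1.1" 200 7301 "-" "-"
192.0.2.10 - - [10/Mar/2014:10:00:04 +0000] "GET /blog/?123=456 HTTP/1.1" 200 4410 "-" "-"
192.0.2.11 - - [10/Mar/2014:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 2210 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3}')

def is_cache_buster(query):
    """True when the query string is exactly one all-numeric key=value pair."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return len(pairs) == 1 and pairs[0][0].isdigit() and pairs[0][1].isdigit()

def find_cache_busting_floods(log_text, min_requests=4, min_sources=3):
    """Map each suspicious path to (requests, distinct queries, distinct sources)."""
    stats = defaultdict(lambda: {"n": 0, "queries": set(), "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target = m.groups()
        url = urlsplit(target)
        if is_cache_buster(url.query):
            s = stats[url.path]
            s["n"] += 1
            s["queries"].add(url.query)
            s["sources"].add(ip)
    flagged = {}
    for path, s in stats.items():
        # Almost every request carrying a fresh value is what defeats the cache;
        # many distinct sources separates a distributed flood from one odd client.
        mostly_unique = len(s["queries"]) >= 0.9 * s["n"]
        if s["n"] >= min_requests and len(s["sources"]) >= min_sources and mostly_unique:
            flagged[path] = (s["n"], len(s["queries"]), len(s["sources"]))
    return flagged
```

On the mitigation side, a flagged path is a candidate for a cache rule that ignores unknown query parameters, so these requests are served from cache instead of forcing a full page load.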