Wednesday, 12 March 2014

DDoS Attack Is Launched From 162,000 WordPress Sites

Last Monday, hackers attacked over 162,000 WordPress-powered websites. With an old trick, they were able to use them to perform a distributed denial-of-service (DDoS) attack against another website. WordPress is a content management system: a user goes to the login page, enters login credentials and, once the information is verified, is redirected to the Dashboard. Security firm Sucuri said that the hackers exploited a well-known flaw that allows an attack to be amplified by attaching unwary websites to it. They have not confirmed which site was the victim, but they did confirm that the site went down for hours. After a massive attack like this, website admins and web hosting providers are often not aware of how to prevent it; they just restore the site and move on without taking any precaution. Several websites are still running outdated versions of WordPress, so they must be updated in order to stop this kind of hacking.


Sucuri CEO Daniel Cid said: "It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server. All queries had a random value (like "?4137049=643182") that bypassed their cache and forced a full page reload every single time. It was killing their server pretty quickly. While hundreds of requests per second don't seem that big when looking at other recent DDoS attacks.. Can you see how powerful it can be? One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows."

The hackers altered a huge number of websites and made them attack another website that was vulnerable to the DDoS attack; they tore through over 162,000 different, legitimate WordPress sites in the course of just hours. They detected many sites but then decided to block the requests at the edge with a firewall. This massive attack was made possible by just one tiny XML-RPC file, which provides the pingback feature.
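The traffic pattern described above, as it would look in the targeted server's access log, is sketched here as an added example that is not from the original post or from the security firm. It assumes Combined Log Format and that the abused sites' fetches carry a `WordPress/<version>; <site URL>` user agent; the log lines are constructed, and `classify`, `summarize` and `min_sites` are hypothetical names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: ip - - [ts] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Cache-busting query as quoted in the article: a random number as both key and value.
CACHE_BUSTER_RE = re.compile(r'^\d+=\d+$')
# Assumption: pingback fetches identify themselves as "WordPress/<version>; <site URL>".
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://[^\s;]+)')

def classify(line):
    """Return (reflecting_site, is_cache_buster) for a WordPress-originated hit, else None."""
    m = LOG_RE.match(line)
    ua = WP_UA_RE.match(m["ua"]) if m else None
    if not ua:
        return None
    query = urlsplit(m["target"]).query
    return ua["site"], bool(CACHE_BUSTER_RE.match(query))

def summarize(lines, min_sites=3):
    """Count hits per reflecting site; flag a flood when many distinct sites cache-bust."""
    hits, busting_sites = Counter(), set()
    for line in lines:
        result = classify(line)
        if result is None:
            continue
        site, is_busting = result
        hits[site] += 1
        if is_busting:
            busting_sites.add(site)
    return {"hits": hits, "busting_sites": busting_sites,
            "flood": len(busting_sites) >= min_sites}

# Constructed sample lines (documentation IP ranges and .example domains, not real traffic).
TS = "[10/Mar/2014:10:00:01 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /?4137049=643182 HTTP/1.0" 200 51234 "-" "WordPress/3.8.1; http://blog-a.example"',
    f'198.51.100.7 - - {TS} "GET /?9842211=120044 HTTP/1.0" 200 51234 "-" "WordPress/3.5; http://blog-b.example"',
    f'203.0.113.44 - - {TS} "GET /?5530192=884213 HTTP/1.0" 200 51234 "-" "WordPress/3.7.1; http://blog-c.example"',
    f'192.0.2.10 - - {TS} "GET /?7711002=310094 HTTP/1.0" 200 51234 "-" "WordPress/3.8.1; http://blog-a.example"',
    f'203.0.113.90 - - {TS} "GET /about?page=2 HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'198.51.100.23 - - {TS} "GET /2014/03/post/ HTTP/1.0" 200 9000 "-" "WordPress/3.8; http://legit-linker.example"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The last sample line is an ordinary pingback verification with no numeric query string, so it is counted as a hit but does not contribute to the flood flag.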

Here are some security tips from security experts on WordPress sites
