WordPress is one of the most widely used blogging platforms, with around 100,000,000 websites running on it, but it also has its own set of faults. The open source nature of WordPress is both its greatest strength and a weakness. A few months ago the cloud security company Incapsula highlighted a critical flaw in the WordPress core, known as the Pingback DDoS, which allows an ordinary WordPress site to be turned into a reflector for immensely damaging DDoS attacks against other sites. Read on, as this post covers this security threat that has been bothering WordPress website owners across the globe.
What exactly is a Pingback DDoS attack?
Pingback is a feature enabled by default in WordPress that lets blogs notify each other when one links to another. According to the study conducted by Incapsula, this function is easy to abuse. An attacker sends a forged pingback request to the XML-RPC API (xmlrpc.php) of a WordPress site, naming the victim's URL as the page that supposedly contains the link. To verify that the link exists, the site fetches the victim URL. Repeated across many sites, this turns ordinary WordPress installations into reflectors that flood the victim with HTTP requests: a Distributed Denial of Service (DDoS) against whatever site the attacker names, which need not itself run WordPress.
An attacker with no hacking skills just needs to send XML-RPC pingback requests to many WordPress websites, each carrying a short XML body like the one shown below:
<?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<!-- sourceURI: the page that supposedly links to the reflecting site; in the attack this is the victim -->
<param><value><string>http://www.severtarget.com/</string></value></param>
<!-- targetURI: an existing post on the reflecting WordPress site, which it looks up before fetching the sourceURI -->
<param><value><string>http://192.168.3.200/WordPress-4.1/?p=3</string></value></param>
</params>
</methodCall>
The attacker sends such requests to thousands of WordPress websites, and each one fetches the named victim URL to check for the link. The combined flood of HTTP requests can exhaust the victim's connections and bandwidth. Two details make this reliable for the attacker: the targetURI only has to point at any existing post on the reflecting site (WordPress resolves it before fetching the source), and because the verification fails (the victim page does not actually link back), no pingback is ever recorded, so the same reflector can be made to fetch the same victim again and again.
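On the victim's side, the reflected traffic is visible in the web server access log. When WordPress verifies a pingback it fetches the claimed source URL with a User-Agent of the form "WordPress/<version>; <reflector site URL>; verifying pingback from <client IP>", where the client IP is the TCP peer that sent the XML-RPC call to the reflector (it cannot be spoofed, though it is often a rented host). In normal operation the only such fetches a site should see are triggered by its own server, when it announces a new post that links elsewhere. The script below is an added example, not code from the original post or from WordPress; the log lines, hostnames and addresses (RFC 5737 documentation ranges) are constructed, and the function names are my own.

```php
<?php
// Added example: victim-side triage of an Apache/nginx combined-format access
// log for reflected pingback traffic. Not part of the original post.
declare(strict_types=1);

// Combined log format: client ident user [time] "request" status size "referer" "user-agent"
const LINE_RE = '~^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<req>[^"]*)" (?<status>\d{3}) \S+ "(?<ref>[^"]*)" "(?<ua>[^"]*)"$~';
// User-Agent WordPress sends while verifying a pingback.
const PINGBACK_UA_RE = '~^WordPress/(?<ver>[\d.]+); (?<site>https?://[^;\s]+); verifying pingback from (?<origin>\S+)$~';

/** Parse one combined-format line into named fields, or null if it does not match. */
function parse_log_line( string $line ): ?array {
    return preg_match( LINE_RE, trim( $line ), $m ) ? $m : null;
}

/**
 * Group pingback-verification fetches by the client IP that triggered them.
 * $own_ips: the public addresses this site sends pingbacks from; any other
 * origin means someone forged a pingback claiming our pages link to theirs.
 * Returns origin IP => [hits, reflectors (distinct sites), forged, suspicious].
 */
function analyze_pingback_log( array $lines, array $own_ips, int $min_reflectors = 3 ): array {
    $seen = [];
    foreach ( $lines as $line ) {
        $entry = parse_log_line( $line );
        if ( $entry === null || ! preg_match( PINGBACK_UA_RE, $entry['ua'], $ua ) ) {
            continue; // not a pingback verification fetch
        }
        $origin = $ua['origin'];
        $seen[ $origin ]['hits'] = ( $seen[ $origin ]['hits'] ?? 0 ) + 1;
        $seen[ $origin ]['sites'][ $ua['site'] ] = true; // distinct reflector sites
    }
    $report = [];
    foreach ( $seen as $origin => $info ) {
        $forged     = ! in_array( $origin, $own_ips, true );
        $reflectors = count( $info['sites'] );
        $report[ $origin ] = [
            'hits'       => $info['hits'],
            'reflectors' => $reflectors,
            'forged'     => $forged,
            // one forged fetch is worth a look; many reflectors at once is an attack in progress
            'suspicious' => $forged && $reflectors >= $min_reflectors,
        ];
    }
    return $report;
}

// Constructed sample: three reflectors hit us within two seconds, all naming the same
// client 203.0.113.42, plus one legitimate verification of our own pingback and a crawler.
$sample = [
    '198.51.100.7 - - [10/Mar/2014:14:22:01 +0000] "GET /?4711 HTTP/1.1" 200 45231 "-" "WordPress/4.1; http://blog-a.example; verifying pingback from 203.0.113.42"',
    '198.51.100.8 - - [10/Mar/2014:14:22:01 +0000] "GET /?4712 HTTP/1.1" 200 45231 "-" "WordPress/4.1.1; http://blog-b.example; verifying pingback from 203.0.113.42"',
    '198.51.100.9 - - [10/Mar/2014:14:22:02 +0000] "GET /?4713 HTTP/1.1" 200 45231 "-" "WordPress/4.2; https://blog-c.example; verifying pingback from 203.0.113.42"',
    '192.0.2.77 - - [10/Mar/2014:14:22:02 +0000] "GET /2014/03/my-post/ HTTP/1.1" 200 45231 "-" "WordPress/4.1; https://friend.example; verifying pingback from 192.0.2.55"',
    '66.249.66.1 - - [10/Mar/2014:14:22:03 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
];

if ( PHP_SAPI === 'cli' ) {
    // 192.0.2.55 is this site's own outbound address (constructed).
    foreach ( analyze_pingback_log( $sample, [ '192.0.2.55' ] ) as $origin => $r ) {
        printf( "%-16s hits=%d reflectors=%d %s\n", $origin, $r['hits'], $r['reflectors'],
            $r['suspicious'] ? 'SUSPICIOUS: pingback reflection' : ( $r['forged'] ? 'forged pingback' : 'ok' ) );
    }
}
```

The random query strings in the sample (/?4711 and so on) are there because each one forces the victim to render the page instead of serving it from cache, which is why these floods hurt far more than their request rate suggests. The origin address reported by the reflectors is the natural thing to hand to your hosting provider or upstream filter, and it is also the one to block at the reflectors if you can reach their owners.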
What makes the Pingback DDoS attack different from other WordPress website attacks?
What makes the Pingback DDoS stand out is how readily available the reflectors are. XML-RPC, and with it the pingback function, has been enabled by default since WordPress 3.5, so the vulnerability is exposed on millions of websites running 3.5 or later. Incapsula's report found the Pingback DDoS vulnerability on around 8.49% of the Alexa top 25,000 websites.
A closer look at the different types of DDoS attacks
DDoS (Distributed Denial of Service) attacks can be divided into the following types:
1. Protocol Based Attacks:
Everything on the internet runs on protocols, and this class of attack abuses them: SYN floods, malformed and fragmented packet attacks, Smurf DDoS, Ping of Death and many more. Measured in packets per second, these attacks consume state on the server itself or on the intermediate devices in front of the WordPress website, such as load balancers and firewalls.
2. Volume Based Attacks:
These include ICMP floods, UDP floods and a variety of spoofed-packet floods. The aim is to saturate the bandwidth of the attacked WordPress website, and their magnitude is measured in bits per second (bps).
3. Application Layer Attacks:
These target the application itself, classically web servers such as Apache or Microsoft IIS, and today they have evolved to target platforms such as Joomla and WordPress. The Pingback DDoS belongs here: the victim receives well-formed HTTP GET requests that look like ordinary traffic but each cost it a full page render.
4. Zero-Day DDoS Attacks
Also called unknown or new attacks, these exploit vulnerabilities for which no fix has yet been released. Trading in zero-day vulnerabilities is common among attackers, newcomers and professionals alike.
5. Infrastructure DDoS attack
These overload the whole network infrastructure by consuming a large amount of bandwidth or connection state. The classic example is a flood of connection requests that are never completed with the final confirmation (a SYN flood), leaving the target holding half-open connections.
Some useful insights on preventing Pingback DDoS attacks for your WordPress website
Since the Pingback DDoS relies entirely on the XML-RPC API, the bluntest fix is to delete or rename xmlrpc.php in the root directory of the WordPress installation, or to deny access to it in the web server configuration. Be aware that a WordPress core update restores the file, and that this removes everything else that uses XML-RPC, such as the WordPress mobile apps and Jetpack. A narrower option is to disable only the pingback methods from a plugin; note that the xmlrpc_enabled filter is not enough, because it only blocks methods that require a login, and pingback.ping needs none. Either way, this only stops your site from being used as a reflector against others; it does nothing for your site when it is the target. For that you need upstream filtering, such as Incapsula's DDoS protection service, which ensures that only filtered traffic reaches your host. Incapsula continually researches DDoS threats and new attack methods, so its protection detects malicious traffic and applies remedies in real time across all the WordPress websites it protects.
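The plugin-level fix described above, written out as a must-use plugin. This is an added example, not code from the original post or from Incapsula; it uses the core WordPress filters xmlrpc_methods, pings_open and wp_headers, and the plugin name and log message format are my own.

```php
<?php
/**
 * Plugin Name: Refuse pingback reflection (added example)
 * Description: Replaces the XML-RPC pingback methods with a logging stub so this site
 *              cannot be used as a DDoS reflector. Not part of the original post.
 *
 * Drop this file into wp-content/mu-plugins/ (create the directory if needed).
 * Must-use plugins load on every request and cannot be switched off from the dashboard.
 */

// 1. Replace pingback.ping with a stub that logs the attempt and refuses it.
//    The rest of XML-RPC (mobile apps, Jetpack, remote publishing) keeps working.
//    add_filter( 'xmlrpc_enabled', '__return_false' ) would NOT help here: it only
//    blocks methods that require a login, and pingback.ping needs none.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    $methods['pingback.ping'] = function ( $args ) {
        // $args[0] is the sourceURI (the page that supposedly links here; in a
        // reflection attack this is the victim), $args[1] the targetURI (our post).
        // Strip CR/LF so attacker-controlled URLs cannot forge extra log lines.
        $clean = function ( $value ) {
            return str_replace( array( "\r", "\n" ), ' ', (string) $value );
        };
        error_log( sprintf(
            'pingback.ping refused: client=%s source=%s target=%s',
            $clean( $_SERVER['REMOTE_ADDR'] ?? '-' ),
            $clean( $args[0] ?? '-' ),
            $clean( $args[1] ?? '-' )
        ) );
        // Any IXR_Error is returned to the caller as an XML-RPC fault; the code is arbitrary.
        return new IXR_Error( 0, 'Pingbacks are disabled on this site.' );
    };
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. Close pings on every post. If pingback.ping ever runs anyway (for example,
//    another plugin re-adds it), WordPress then rejects the request before it
//    fetches the source URL, which is the step that does the damage.
add_filter( 'pings_open', '__return_false' );

// 3. Stop advertising the endpoint: the X-Pingback response header tells scanners
//    that xmlrpc.php is worth probing. Themes that print <link rel="pingback">
//    in header.php usually check pings_open() first, so step 2 covers those too.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
```

The log line written by the stub gives you the same triad a victim would want from you: the client address that sent the forged request, the victim URL it named, and which of your posts it used as the target. If nothing on the site needs XML-RPC at all, denying xmlrpc.php at the web server in addition is still worthwhile, since it stops PHP from starting for every probe.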
Wrapping it all up
Make sure your WordPress website cannot be used to DDoS other WP sites. I hope the details covered in this post have given you a good understanding of this ever-evolving WordPress security threat, which affects simple and complex WordPress websites alike.
Author Bio:
Sophia Phillips works as a professional at a WordPress theme customization company and loves sharing information about getting the most out of the WordPress CMS. She has an impressive number of WP web development articles to her name.