WordPress Forum

Wordpress hack connects users to botnet
travelin cat

 1:54 pm on Mar 13, 2014 (gmt 0)

More than 100,000 WordPress websites have been conscripted into a botnet which forces them to inadvertently launch DDoS attacks.
Security firm Sucuri found the botnet when analysing an attack targeting one of its customers and traced the source of the attack to legitimate WordPress sites.




 3:09 pm on Mar 13, 2014 (gmt 0)

I wish there was a way to shut down these sites. Maybe we need to have a license for WordPress site owners. If you're too stupid to keep your site updated, then you lose your license and the site goes offline.


 6:06 pm on Mar 13, 2014 (gmt 0)

Wordpress could also help by

1) disabling things that not everyone needs, like XML-RPC (used in this attack) by default.
2) making hardening easier - e.g. making /wp-admin easily relocatable
3) disable file editing by default - or remove the damn stupid misfeature altogether.
4) do not use the same default admin username on every install.


 6:13 pm on Mar 13, 2014 (gmt 0)

@graeme_p, yep.


 6:36 pm on Mar 13, 2014 (gmt 0)

I don't use wordpress for my own sites, but if a customer asks for it I warn them there will be ongoing maintenance costs to prevent them from being hacked.


 11:26 pm on Mar 13, 2014 (gmt 0)

I use an older version but can't upgrade as my host won't upgrade php to the level required to install the newer Wordpress.


 12:39 am on Mar 14, 2014 (gmt 0)

@webdevfv, I had the exact problem (are you with Yahoo SB too by any chance?). The older WP's have serious security issues and your domain can be hijacked for a Viagra page that isn't even on your site. My entire site isn't in WP (thank God), just a blog was, so I said the hell with WP and moved the blog to Blogger.

Now all those bogus Viagra pages go to my 404 page where there's a link to my main page. Thanks for the free traffic jerks, lol.


 3:51 am on Mar 14, 2014 (gmt 0)

I do have some sites running very old versions, but I have never faced any hacking problems. It's because I always password protect 'wp-admin' directory on all installations/versions.


 7:35 am on Mar 14, 2014 (gmt 0)

Protecting the admin folder or other non public folders with .htaccess is always a good practice since those files can typically cause the most damage but I wouldn't depend on it for securing an installation. Public scripts can be just as damaging.

Security for any site is about layers and keeping up to date to remove exploits should be priority number one.


 1:29 pm on Mar 14, 2014 (gmt 0)

+1 thecoalman


 4:36 pm on Mar 14, 2014 (gmt 0)

"I have never faced any hacking problems."

What I suspect you mean is you've not yet been hacked into.

Simply observe the hack attempts, in your raw access logs. The bulk are clearly focussed on the WP framework.

Then decide if that level of abuse of your CPU and BW is not a problem.


 6:45 pm on Mar 17, 2014 (gmt 0)

Public scripts can be just as damaging.

When my sites were constantly under attack, my managed webhost put password protection on my WordPress login and Google slammed me with "increase in authorization errors" pointing to the login pages. Here's the discussion to that problem I raised [webmasterworld.com...] Traffic plummeted - not the drastic drop-from-the-cliff kind, but the slow-but-sure kind that is sooo hard to climb back up.

I had to put the WP login pages in my robots.txt file to get rid of Google's authorization error messages.

I moved to a different managed server webhost with stronger protection layers against hacking. So far, no problems. Keeping my fingers crossed.

Hacking is just something many website owners don't think about until it happens to them. Just like me. When I got hit -- and boy, it was non-stop -- it was painful. Only then did I take protecting against malware and hacking seriously, and now I religiously update every WordPress install and plugin as soon as updates are available.


 1:00 pm on Mar 18, 2014 (gmt 0)

>> Traffic plummeted

But if the traffic was from the bot attack this would make sense. No?


 1:29 pm on Mar 18, 2014 (gmt 0)

If you're too stupid to keep your site updated, then you lose your license and the site goes offline.

This attack has nothing to do with updates, though. It's just the way pingbacks work, and they're enabled by default in many content management systems, not just Wordpress.


 5:00 pm on Mar 18, 2014 (gmt 0)

Good point robzilla - I wasn't very clear. I should have included "and locked down".

You can disable them in the Admin panel for all future posts/pages. To disable them for already published posts/pages in bulk [wordpress.org...]
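The following must-use plugin is an added example (it is not code from this thread or from WordPress core) that turns the pingback shut-off above and points 1 and 3 of the hardening list earlier in the thread into a file you drop into wp-content/mu-plugins/. It uses only standard WordPress filters and constants; note in particular that the widely copied `xmlrpc_enabled` filter does not stop pingbacks on its own.

```php
<?php
/**
 * Plugin Name: Pingback/XML-RPC hardening (added example, not WordPress core code)
 * Description: Save as wp-content/mu-plugins/pingback-hardening.php; it loads on every request.
 */

// 1) Stop this site from acting as a pingback reflector.
//    pingback.ping is an *unauthenticated* XML-RPC method, so the 'xmlrpc_enabled'
//    filter alone does NOT block it: that filter only gates methods that need a login.
//    Remove the method itself from the dispatch table.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Also switch off the authenticated XML-RPC methods unless remote publishing is needed.
add_filter( 'xmlrpc_enabled', '__return_false' );

// Stop advertising the endpoint: the X-Pingback response header and the RSD link in <head>.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
remove_action( 'wp_head', 'rsd_link' );

// 2) Treat pingbacks as closed on every post, including ones published long ago,
//    without touching each post's ping_status row in the database.
add_filter( 'pings_open', '__return_false' );

// Make "closed" the default for posts created from now on (Settings > Discussion).
if ( get_option( 'default_ping_status' ) !== 'closed' ) {
    update_option( 'default_ping_status', 'closed' );
}

// 3) Remove the theme/plugin file editor from the dashboard. This constant normally
//    lives in wp-config.php; defining it here also works because mu-plugins load
//    before the admin menus and capability checks run.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', true );
}
```

After installing, a request to /xmlrpc.php with `system.listMethods` should no longer list `pingback.ping`, and page responses should no longer carry an `X-Pingback` header.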


 6:18 pm on Mar 18, 2014 (gmt 0)

But if the traffic was from the bot attack this would make sense. No?

NO - the big decrease was Google traffic. The bot attack came as referral traffic


 7:49 am on May 23, 2014 (gmt 0)

WordPress has many vulnerabilities that can be exploited very easily. Most people do not know that their WordPress blog is part of a large DDoS attack being carried out against a target.
Most commonly, pingbacks and trackbacks are used in WordPress to send requests to a target website. DDoS attackers make use of this vulnerability to launch an Application Layer DDoS attack.
We should all take steps to harden our WordPress security so it cannot be used to launch a large-scale DDoS attack. Learn how to protect your WordPress website and prevent it from being used in a DDoS attack.

[edited by: lorax at 12:11 pm (utc) on May 23, 2014]


 12:24 pm on May 23, 2014 (gmt 0)

Let's be clear without the sensationalism. Pingbacks are a feature that WordPress allows. Some people find them useful, others find them less so. Some exploit the function to coordinate attacks.

Just because we have roads and people use those roads to deliver car bombs or crash their cars, doesn't mean the roads are a vulnerability. Roads can be used for bad and good - their job is to allow transport. The job of pingbacks is to allow notification. Either one can be used against you. If you want a truly safe CMS then don't use a CMS.
