Security Corner

Mar 17 2014   2:49AM GMT

KrebsOnSecurity hit with massive WordPress pingback attack

Ken Harthun Ken Harthun Profile: Ken Harthun

In a March 14, 2014 blog post, Brian Krebs revealed that his site, KrebsOnSecurity, which runs on WordPress, was hit by a DDoS attack:

On Wednesday, KrebsOnSecurity was hit with a fairly large attack which leveraged a feature in more than 42,000 blogs running the popular WordPress content management system (this blog runs on WordPress). This post is an effort to spread the word to other WordPress users to ensure their blogs aren’t used in attacks going forward.

I covered the details of the attack method in my last post, but I also want to help spread the word to other WordPress administrators via the list of attacking sites that Mr. Krebs provided:

My hosting provider shared with me a list of the WordPress blogs that were used in the attack on this blog. I’m sharing it here to get the attention of WordPress administrators. I realize that some readers will view this as providing a roadmap for attacks, but I’m hopeful that making this information public will decrease the number of blogs that can be used in future such attacks.

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: