Large DDoS Attack Brings WordPress Pingback Abuse Back Into Spotlight 58
angry tapir writes "Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri. The attack involved over 162,000 legitimate WordPress websites being forced to send hundreds of requests per second to a popular WordPress site, preventing access to it for many hours. The attack exploited an issue with the XML-RPC (XML remote procedure call) implementation in WordPress that's used for features like pingback, trackback, remote access from mobile devices and others, and brought back into the spotlight the denial-of-service risks associated with this functionality that have been known since 2007."
Re:Why do hackers have to fuck up everything? (Score:5, Insightful)
Why do we have to have doors? A simple chalk line in the ground with the text "here starts my home" should suffice.
Why do we have money, credit cards, IDs, contracts,...
The inherent unreliability of human beings does impose a cost on all human activity. On the other hand, we've advanced a great deal since everyone had to defend their life with sticks and stones on a regular basis.
Wordpress is crap (Score:1, Insightful)
Dear internet, please quit using wordpress. It's constantly full of poor programming practices and it's basically the Microsoft Windows XP of blogging software.
Re:Why do hackers have to fuck up everything? (Score:4, Insightful)
>A simple chalk line in the ground with the text "here starts my
>home" should suffice
And in a lot of places it does. But at least with thieves the motivation is obvious - they want money. With these script kiddies its the equivalent of someone breaking into your house and smashing stuff up just for the sake of it.
Who still uses "pingback"? (Score:4, Insightful)
That is the first thing I turn off on any Wordpress install. pingback is the absolute worst feature ever made.
Re:nothing new (Score:5, Insightful)
Spoken like a true SEO.
Pingback is worthless and only clutters the hell out of a sites comments. nobody cares that muffymuffins.org reshared my content..