WordPress Pingback Hack Attack

Posted on May 2, 2013


wordpress pingback attack

wordpress pingback attack

What’s going on? This:

Are you a WordPress blogger? Yes? Did you spend the weekend attacking a gaming site? No?

Don’t be so sure.

Incapsula, a Web services company that offers protection from distributed denial of service (DDoS) attacks, has announced that over the weekend one of its clients was the object of a sophisticated yet simple attack. The person or persons behind the assault exploited innocent WordPress sites to form an army of 2,500 blogs, all of which were sending relentless pingback requests to the target site.

Are you at risk? It seems to depend. If you’re hosted at WordPress.com, it appears the hackers, whoever they are, will not mess with you. If you’re independently hosted, using software from WordPress.org, and either using Wp.org 3.5 or better OR simply enabling pingbacks then yes, you are at risk. For you as a blogger, the worst-case scenario is having your blog visibly slow down (well, unless the Feds decide you were in on it that is) which isn’t such a big deal. But it’s a big deal to the target of the attack, who sees nothing but thousands or tens or hundreds of thousands of requests to ping from legitimate websites. The blog doesn’t know how to shut it down, because the attacking blogs are not exactly infected. They’re just doing their jobs.

Want to opt-out of becoming an inadvertent part of someone else’s botnet? Easily done. Go to the dashboard Discussion settings and diable pingbacks. DONE!

Yes, really that easy.