WordPress hit by 'extremely large' DDoS attack

[nsane.forums]

Blogging site back online after possible political protest

Popular blogging site WordPress has suffered a severe distributed denial-of-service (DDoS) attack that took servers offline for several hours.

The site, which hosts over 25 million blogs, posted a statement at 3:30pm GMT saying that the site had come under an "extremely large" DDoS attack, involving many gigabits and tens of millions of packets a second being fired at its servers.

DDoS attacks typically involve botnets of compromised computers around the world, bombarding a site with traffic - effectively clogging it up and preventing legitimate users from accessing its content, said Sophos senior technology consultant Graham Cluley in a blog post.

In the past I've described a DDoS attack as being like 15 fat men trying to get through a revolving door at the same time.

WordPress founder Matt Mullenweg told V3.co.uk that the attack had taken down all three of the site's datacentres in Chicago, San Antonio, and Dallas and was the most sustained and serious in the organisation's history.

The motive behind the attacks seemed to be political and the campaign appeared to revolve around a foreign-language blog the site was hosting, but that there was no hard proof as yet.

WordPress is now back online after around six hours of downtime.

"For businesses in a similar predicament, I would suggest they get in touch with their upstream bandwidth providers as soon as possible to work on technical mitigation and communicate frequently and transparently with their customers," said Mullenweg.

The site's popularity has made it a frequent target in the past by attackers seeking to inject exploit code on the site. This outage is the worst since the site's network problems last year that were caused by an unscheduled change to a core router.

View: Original Article

[DKT27]

Wordpress Continues to Fend Off Attacks

For the second day in a row, blog-hosting giant WordPress.com suffered a distributed denial-of-service attack that it was able to cut off quickly. The motive remains a matter of speculation.

The company posted notice of the attack on its dashboard Web page that the attack started at 4:05 GMT today with a brief explanation of the problem.

"Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected site-wide performance," the site says. "The good news is that we were able to mitigate it quickly and performance returned to normal around 11:15 [GMT]. We are continuing to monitor the situation closely."

The company still doesn't know why it was attacked, but speculation is it was an attempt to muzzle political blogs it hosts.

"There's a rumor floating around that the attack may have been politically motivated, but right now I haven't seen the proof to back up that claim," says Roel Schouwenberg, a researcher at Kaspersky Labs. "Currently, we don't have any detailed information as to who may be behind the DDoS."

Wordpress.com referred to yesterday's attack as the largest in its history, and efforts it made then might have reduced the impact felt from today's attack. The company said it was seeking help from service providers that connect it to the Internet to filter the attacks before they hit Wordpress.com servers.

The company's founder Matt Mullenweg had no proof but said he suspected the attackers were provoked by "one of our non-English blogs."

Distributed DoS attacks are gaining in popularity, according to Kaspersky. They are both more frequent and more severe. "I know of quite a few businesses that had the DDoS-problem under control until the attacks started to intensify recently," Schouwenberg says. "Possibly the high-profile DDoS attacks of late have functioned as some form of inspiration for other people."

The scale of yesterday's attack was beyond anything the company had seen before, with rates of multiple Gbps, representing tens of millions of packets per second," throwing off the company's three data centers in Chicago, San Antonio and Dallas.

View: Original Article

[DKT27]

WordPress: DDoS Attacks Came From China

The large distributed denial of service (DDoS) attacks that hit the WordPress.com blog publishing platform last week originated from China, according to the founder of the site.

A DDOS attack involves harnessing hundreds or thousands of computers to simultaneously bombard a web site with data so it becomes overwhelmed. The computers in such attacks have typically been infected with malware so they can be used without the consent and awareness of their owners.

The attacks, which brought slowdowns to the WordPress.com site, were severe enough to interfere with the company's three data centers in Chicago, San Antonio and Dallas. The site has since returned to normal as of Monday.

WordPress said last week the attacks might have been politically motivated and aimed at an unnamed Chinese-language blog, but it no longer has that view.

"Don't think it's politically motivated anymore," WordPress Founder Matt Mullenweg said in an e-mail to IDG News Service. "However the attacks did originate in China."

Mullenweg did not elaborate on the change in view or offer details on the source of the attacks.

The attacks directed "multiple Gigabits per second and tens of millions of packets per second" and were the "largest and most sustained" in its six-year history, Mullenweg previously said.

China has been frequently named as the country of origin for several major cyberattacks. Chinese hackers have been accused of launching cyber attacks to steal gigabytes of data from foreign energy companies, according to security vendor McAfee. In 2009, Google was also the victim of an attack that it alleged originated from China.

Very often the true source of a DDOS attack is unclear. While computers launching the attacks might be based in one country, they could be under control of hackers in a third country. Users at high risk of malware infections that can be used for DDOS attacks are those that don't run anti-virus software, don't keep their operating system updated or are running pirated operating systems that can't be updated.

The Chinese government has responded to these reports, saying it denies being involved in any cyber attacks. "The allegation that China supports hacking is groundless," a China foreign ministry spokesman said last month.

View: Original Article