The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.
Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability
plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis…
SSDP amplified reflective DDoS attacks: The Internet Storm Center (ISC) InfoSec Handlers Diary Blog writes about a recent -significant- increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks: 1900/UDP (SSDP) Scanning and DDOS
WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.
Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.
Close your open resolvers now! Open Recursive Resolvers pose a significant threat to the global network infrastructure. They are utilized in DNS Amplification attacks and pose a similar threat as those from Smurf attacks commonly seen in the late 1990’s. What can I do?
CloudFlare writes about closing open DNS resolvers. Open DNS resolvers are one of the sources of the biggest DDoS attacks.
Because of the damage they cause and the bewildering speed with which they mutate, botnets and DDoS attacks are not only perceived as being malevolent (which they are) but also unstoppable (which they aren’t). Fortunately there are companies such as Arbor Networks, which are dedicated to analyzing and stopping botnets and DDoS attacks on a global basis.