/plushcap/analysis/cloudflare/wordpress-pingback-attacks-and-our-waf

WordPress Pingback Attacks and our WAF

What's this blog post about?

On March 11, 2014, Simon Moore from CloudFlare discussed the issue of Layer 7 attacks targeting WordPress servers due to its widespread use on the web. He mentioned a large DDoS attack observed by Sucuri that exploited the pingback mechanism in WordPress. The attack involved using an XMLRPC endpoint and triggering HTTP requests to victim websites, causing server overload with minimal effort from the attacker. CloudFlare's WAF rule WP0001, "WordPress Pingback Blocker," prevents this type of abuse by stopping pingback usage on a WordPress blog. Additionally, their rule 100000, "WordPress Numbers Botnet," blocks mutating query strings in URLs to prevent server overload from repeated page generation attempts. Enabling these CloudFlare Wordpress rulesets can help protect websites from such attacks.

Company
Cloudflare

Date published
March 11, 2014

Author(s)
Simon Moore

Word count
448

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.