Large DDoS Attack Brings WordPress Pingback Abuse Back Into Spotlight 58
angry tapir writes "Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri. The attack involved over 162,000 legitimate WordPress websites being forced to send hundreds of requests per second to a popular WordPress site, preventing access to it for many hours. The attack exploited an issue with the XML-RPC (XML remote procedure call) implementation in WordPress that's used for features like pingback, trackback, remote access from mobile devices and others, and brought back into the spotlight the denial-of-service risks associated with this functionality that have been known since 2007."