Blocking WordPress XML-RPC DDoS Attacks With NGINX
A WordPress XML-RPC attack is a type of HTTP layer 7 DDoS attack that abuses the XML-RPC API of WordPress based websites to send HTTP GET requests to a victim’s web server in order to overload and crash it. This type of application layer attack is a relatively common part of layer 7 attacks, because a lot of people who run WordPress websites keep Pingback and Trackback features enabled, which ensures the bad guys always have enough vulnerable WordPress servers available to initiate this type of attack against an unprotected victim. Continue reading
A remote vulnerability has been discovered in the operating system of wind turbines of the major U.S.-based manufacturer XZERES. It can be exploited to gain full administrative access to single wind turbines and clusters of them.
Like almost everything nowadays, even a wind turbine apparently has to come with a shiny web interface to manage it. It is nothing new that especially these are often the weak spot that can play a major role in an exploitation process. Continue reading
Kazakhstan’s news website Tengrinews claims that it received “the biggest DDoS attack on a news resources of Kazakhstan” three days ago in reaction to its articles. It is not clear which one of their articles could have provoked such a cyber attack or who the attackers are. At 9 a.m. on March 20th their servers went down due to malicious attack traffic from more than 30 countries. Most of the bad traffic originated from infected machines they say, which indicates it has mainly been direct bot traffic. Continue reading
For the first time Beijing officially admits that it has special cyber units in its military and intelligence sectors. Up until now China always dismissed any allegations that it has a cyber army that can be used in targeted attacks on networks, as well as critical infrastructure such as gas pipelines and power grids. For years many suspected that China’s government was involved in hacking attacks on U.S. corporations to leak trade secrets, but Beijing never admitted its involvement and denied it had a cyber army. Continue reading
At the hacking competition Pwn2Own, serious security vulnerabilities were discovered in all major browsers, which includes Google Chrome, Apple Safari, Mozilla Firefox and Microsoft Internet Explorer. This year the star of the show was South Korean security researcher JungHoon Lee, who goes by the nick name lokihardt. During the event he made a total of $225.000 in bug bounties, due to the amount and severity of the security related bugs he discovered. Continue reading
On Thursday, March 19th, the chinese activist website Greatfire.org became the target of a rather huge, apparently HTTP-based DDoS attack, which is an application layer (Layer 7) attack. They say the attack size has been as large as 2.6 billion requests per hour, which translates into a bit more than 700.000 requests per second. Considering that most HTTP floods I’ve seen were below 20.000 requests per second, this was a rather large attack and therefore must have required a lot more resources on the attacker’s side than what is common. Continue reading