How To Block WordPress XML-RPC DDoS Attacks With NGINX

A WordPress XML-RPC attack is a type of HTTP layer 7 DDoS attack that abuses the XML-RPC API of WordPress-based websites to send HTTP GET requests to a victim’s web server in order to overload and crash it. This type of attack is relatively common among layer 7 attacks, because many people who run WordPress websites keep the Pingback and Trackback features enabled, which ensures the bad guys always have enough vulnerable WordPress servers available to initiate this type of attack against an unprotected victim.

Kazakhstan Experiences Its Biggest DDoS Attack on a News Site

Kazakhstan’s news website Tengrinews claims that it received “the biggest DDoS attack on a news resources of Kazakhstan” three days ago in reaction to its articles. It is not clear which of its articles could have provoked such a cyber attack or who the attackers are. At 9 a.m. on March 20th its servers went down due to malicious attack traffic from more than 30 countries. Most of the bad traffic originated from infected machines, they say, which indicates it was mainly direct bot traffic from compromised VPS mining systems.

Chinese Activists under DDoS Attack

On Thursday, March 19th, the Chinese activist website became the target of a rather huge, apparently HTTP-based DDoS attack, which is an application layer (Layer 7) attack. They say the attack size has been as large as 2.6 billion requests per hour, which translates into a bit more than 700,000 requests per second. Considering that most HTTP floods I’ve seen were below 20,000 requests per second, this was a rather large attack and therefore must have required a lot more resources on the attacker’s side than is common.