According to a blog post released this week by Sucuri Security, WordPress is the newest target of a massive botnet designed to abuse the XML-RPC pingback feature of the popular blogging platform.
As best we can tell, the botnet was targeting a relatively unknown WordPress blog; Sucuri did not reveal the site's name when pressed for answers. Lower-bandwidth attacks like this one let the attacker spread the load across a wider range of machines while targeting application-layer weaknesses, and by randomizing the URLs used to generate the traffic, the botnet avoids detection and creates more work for the administrators tasked with taking it down.
The pingback feature is what gives the attack its power, and it has been a known source of headaches for the WordPress team since it was first introduced to the platform back in 2007.
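As an added illustration, not part of the article or of Sucuri's own tooling, of how pingback-driven traffic like this shows up in a web server's access log: the script below parses Apache combined-format lines, picks out GET requests that carry a WordPress-style User-Agent together with a random-looking query string, and reports how many distinct source addresses and originating sites are involved. The log lines are constructed samples; the User-Agent format (`WordPress/<version>; <site url>`), the `/?<digits>=<digits>` query-string pattern and the alerting threshold are assumptions made for the example, not details taken from the article.

```python
import re
from collections import defaultdict

# Apache "combined" log format: ip ident user [ts] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumption: a WordPress site verifying a pingback fetches the target page with a
# User-Agent of the form "WordPress/<version>; <its own URL>".
WP_UA_RE = re.compile(r'^WordPress/(?P<version>[\d.]+); (?P<origin>\S+)')

# Assumption: the randomized URLs look like "/?4137049=6431829", i.e. a bare
# digits=digits query on the front page that no real post would ever have.
RANDOM_QUERY_RE = re.compile(r'^/\?\d+=\d+$')

# Constructed sample log lines: four pingback-style fetches from four different
# WordPress sites, one ordinary browser visit, and one WordPress fetch of a real
# page (which is what a legitimate pingback verification looks like).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:12:00:01 +0000] "GET /?4137049=6431829 HTTP/1.0" 200 5123 "-" "WordPress/3.8; http://blog-a.example"
203.0.113.11 - - [10/Mar/2014:12:00:01 +0000] "GET /?9827310=1123084 HTTP/1.0" 200 5123 "-" "WordPress/3.7.1; http://blog-b.example"
203.0.113.12 - - [10/Mar/2014:12:00:02 +0000] "GET /?1120934=8841273 HTTP/1.0" 200 5123 "-" "WordPress/3.8; http://blog-c.example"
203.0.113.13 - - [10/Mar/2014:12:00:02 +0000] "GET /?5566112=2231908 HTTP/1.0" 200 5123 "-" "WordPress/3.6; http://blog-d.example"
198.51.100.5 - - [10/Mar/2014:12:00:02 +0000] "GET /about/ HTTP/1.1" 200 8100 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.20 - - [10/Mar/2014:12:00:03 +0000] "GET /2014/03/real-post/ HTTP/1.0" 200 7300 "-" "WordPress/3.9; http://blog-e.example"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_pingback_fetch(entry):
    """True when a parsed entry looks like a pingback-driven fetch of a random URL."""
    return (entry["method"] == "GET"
            and WP_UA_RE.match(entry["ua"]) is not None
            and RANDOM_QUERY_RE.match(entry["path"]) is not None)


def summarize(lines, min_sources=100):
    """Count pingback-style fetches and flag the log when enough distinct sources appear."""
    origins = defaultdict(int)   # originating WordPress site URL -> request count
    sources = set()              # client IPs that sent pingback-style fetches
    urls = set()                 # distinct randomized paths requested
    hits = 0
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_pingback_fetch(entry):
            continue
        hits += 1
        sources.add(entry["ip"])
        urls.add(entry["path"])
        origins[WP_UA_RE.match(entry["ua"]).group("origin")] += 1
    return {
        "pingback_hits": hits,
        "distinct_sources": len(sources),
        "distinct_urls": len(urls),
        "origins": dict(origins),
        # Many distinct sites fetching random URLs in a short window is the signal.
        "flagged": len(sources) >= min_sources,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines(), min_sources=3)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The random-query filter is what keeps a genuine pingback verification (a WordPress site fetching a real post URL once) out of the count, so the sixth sample line is parsed but not flagged. On a real server the threshold belongs far above the toy value of 3 used here, and the `origins` map doubles as a contact list for the owners of the abused sites once the traffic has been blocked at the edge, as Sucuri did.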
“The most interesting part is that all the requests were coming from valid and legitimate WordPress sites. Yes, other WordPress sites were sending random requests at a very large scale and bringing the site down,” he said. “Just in the course of a few hours, over 162,000 different and legitimate WordPress sites tried to attack [the] site. We would likely have detected a lot more sites, but we decided we had seen enough and blocked the requests at the edge firewall, mostly to avoid filling the logs with junk.”
The only sites affected were those running older versions of WordPress (3.2.1 or below), so as long as you've recently updated your plugins, you shouldn't have to worry about this bug anytime in the near future.