[AusNOG] Fwd: WordPress site cloudgirl(dot)com(dot)au participating in DDoS [OPS-28294]

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Thu Jul 10 12:27:55 EST 2014 

Just FYI for others who may not have been alerted yet.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


---------- Forwarded message ----------
From: cert australia <info at cert.gov.au>
Date: Thu, Jul 10, 2014 at 11:59 AM
Subject: WordPress site xxx participating in DDoS [OPS-28294]
To: xxx, cert australia <info at cert.gov.au>
Cc: CERT Australia <info at cert.gov.au>


        Computer Emergency Response Team Australia
              <https://www.cert.gov.au>

Hello,

Your website has been reported as participating in a Distributed Denial of
Service (DDoS) attack on another website.

The website affected is: xxx

If you have already dealt with this issue or the details above are
incorrect, please disregard this notice.

A recent vulnerability in all versions of WordPress has been identified,
which allows a remote attacker to abuse WordPress websites to conduct
attacks on other websites.

The WordPress vulnerability relates to a legitimate piece of functionality,
known as XML-RPC, which is turned on by default and provides some
legitimate, however often unused functionality such as pingback and mobile
phone remote access.

As the functionality is legitimate yet this website has been abused to
conduct attacks, we strongly suggest you assess the requirement for this
WordPress functionality, and if unused please consider turning the feature
off.

For further technical details on how to protect your WordPress website, or
for news articles on the attack, please refer to the following links, or
simply google the phrase "Wordpress DDoS".

   -


   http://arstechnica.com/security/2014/03/more-than-162000-legit-wordpress-sites-abused-in-powerful-ddos-attack/
    -


   http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
    -

   http://labs.sucuri.net/?is-my-wordpress-ddosing

 Contact

If you require further information or assistance, please visit our website
or contact us directly.


*CERT Australia Attorney-General's Department *

Phone: 1300 172 499 or +61 2 6141 2999
Email: info at cert.gov.au
Web: www.cert.gov.au

Protecting Our National Interests Online
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140710/80f757ec/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 127053 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140710/80f757ec/attachment-0001.png>

More information about the AusNOG mailing list