[PLUG-TALK] WordPress Users Take Note

Rich Shepard rshepard at appl-ecosys.com
Fri Mar 14 00:05:43 UTC 2014


   On krebsonsecurity.com is this new post:

"Blogs of War: Don’t Be Cannon Fodder

"On Wednesday, KrebsOnSecurity was hit with a fairly large attack which
leveraged a feature in more than 42,000 blogs running the popular WordPress
content management system (this blog runs on WordPress). This post is an
effort to spread the word to other WordPress users to ensure their blogs
aren’t used in attacks going forward.

"At issue is the “pingback” function, a feature built into WordPress and
plenty of other CMS tools that is designed to notify (or ping) a site that
you linked to their content. Unfortunately, like most things useful on the
Web, the parasites and lowlifes of the world are turning pingbacks into a
feature to be disabled, lest it be used to attack others.

"And that is exactly what’s going on. Earlier this week, Web site security
firm Sucuri Security warned that it has seen attackers abusing the pingback
function built into more than 160,000 WordPress blogs to launch crippling
attacks against other sites."

Rich



