Powered by Blogger.

Crazy WordPress DDoS Attack

By Unknown Posted On 11:29 // Leave a Comment

Hey All,


We usually have DDoS attacks anytime we post a LET offer, go figure, but most of the time it doesn't really affect us. This time, we were smacked by something that we have never seen before and was wondering if anyone else has experienced a similar DDoS attack? It was essentially made by remote WordPress sites, thousands of them and it started within about 10 minutes of posting our offer. We have since mitigated the issue after about 90 minutes of slowness on our website. At it's peak, it was pulling about 10Mbps, not very big in terms of a DDoS attack but clearly causing a load on the server.


Our access log has a couple hundred thousand of the following entries, always similar, never the same (probably why our normal modes of protection were no good). This is just a very small sample:



108.174.151.74 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.1; http://ift.tt/1DUyMzd"

108.45.120.51 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.1; http://ift.tt/1DqBrza"

91.135.235.15 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/2.9.1; http://ift.tt/1DUyPea"

204.147.202.36 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.3.1; http://ift.tt/1DqBrzb"

64.207.177.124 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.3.2; http://ift.tt/1DUyMPs"

194.29.153.16 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.3.1; http://ift.tt/1DqBsDl"

61.195.154.212 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.1.4; http://www.ishp.co.jp"

173.245.51.67 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.1" 403 531 "-" "WordPress/4.0.1; http://ift.tt/1DUyMPw; verifying pingback from 192.99.71.21"

108.45.120.51 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.1; http://ift.tt/1DqBrza"

198.63.32.250 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.1; http://ift.tt/17TJZzG"

216.157.17.136 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.4.2; http://ift.tt/1DUyPee"

216.187.153.138 - - [25/Feb/2015:12:01:30 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/3.4.2; http://www.pinecc.com"

69.164.211.147 - - [25/Feb/2015:12:01:31 -0700] "GET / HTTP/1.0" 403 494 "-" "WordPress/4.1; http://www.themains.net; verifying pingback from 192.99.71.21"



Anyone else experience this or seen this type of attack before?


Guess just another reason to avoid WordPress like the plague.


http://ift.tt/1dvHQ0Z
Labels: ,

0 comments:

Post a Comment