162,000 WordPress sites Tricked into an Attack

Summarized below is what happened, and what to do. But!

Do only as Sucuri Security says, not me.
Here are their instructions.

The Attack

Legitimate WordPress sites were used in a DDoS (distributed denial-of-service) attack against other legitimate WordPress sites. The goal is to create a botnet: harness the power of thousands of blogs and use it to attack another site and take it offline. I don’t know the why.

Sucuri is a malware monitoring and cleanup company. They discovered the attack when one of their clients went offline due to a DDoS.

From their site:

The attack uses XML-RPC.

What is XML-RPC

XML-RPC is found in the core of WordPress, and is used to perform a “ping”: when one website notifies another website to say hey, there’s new content to see here.

XML-RPC is used to keep search engines updated, RSS feeds fresh, and news sites current. It’s used to create pingbacks and trackbacks; XML-RPC even helps provide mobile access.

XML-RPC is located in WordPress’ core code, and is by default set to ON.

WordPress’ Dilemma

WordPress is in a tough spot with this one.

It makes sense to set the default to ON, right? Pinging is kinda the nature of the internet. There are lots of plugins designed specifically to take advantage of pinging. That’s why you won’t see WordPress issue a patch for this security breach: they kind of can’t.

And that’s why this attack is so clever. Dirty, but clever.

In fact, by turning it off, many core plugins will stop working, as will Jetpack…

It’s up to you, and how you run your site, whether to leave it on or off…

How to Check if your Site is Affected

There are 2 ways:

1. search your logs for “any POST requests to the XML-RPC file. If you see a ping back to a random URL, your site is being misused”. – Sucuri

2. use the scanner Sucuri built, click here.

Your URL will be checked against their logs, to verify if it was 1 of the 162,000 affected sites.
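Here is an added example of the first check, written for this page and not code from the post or from Sucuri. It runs over a handful of constructed access-log lines in the common Apache/nginx “combined” format, counts POST requests to xmlrpc.php per client address, and, if you have the request body (from a WAF or a debug log, which a plain access log does not give you), parses a pingback.ping call to show which outside host your blog is being asked to fetch. The hostnames, IP addresses and log lines are all made up.

```python
"""Added example (not from the blog post or from Sucuri): spot POST requests
to xmlrpc.php in access-log lines, and inspect a pingback.ping request body
to see which site the blog would be made to fetch while "verifying" it."""
import re
from collections import Counter
from urllib.parse import urlsplit
from xml.etree import ElementTree as ET

# Constructed sample lines in Apache/nginx "combined" log format.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2014:12:01:05 +0000] "POST /xmlrpc.php HTTP/1.0" 200 415 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2014:12:01:06 +0000] "POST /xmlrpc.php HTTP/1.0" 200 415 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2014:12:01:07 +0000] "GET /2014/03/hello-world/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2014:12:01:08 +0000] "POST /xmlrpc.php?foo=1 HTTP/1.0" 200 415 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2014:12:02:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.30.0"
"""

# ip, ident, user, [timestamp], "METHOD path protocol", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def xmlrpc_posts(log_text):
    """Return {client_ip: count} for POST requests whose path is xmlrpc.php.

    A legitimate pingback also arrives as a POST, so what stands out is a
    burst of them from a handful of addresses, not a single request.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than crash
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if m.group("method") == "POST" and path.endswith("/xmlrpc.php"):
            hits[m.group("ip")] += 1
    return dict(hits)


# Constructed pingback.ping body. The Pingback spec fixes the parameter
# order: first the source URI (the page that supposedly links to us),
# then the target URI (our own post being linked to). The random-looking
# query string on the source is the kind of thing the check looks for.
SAMPLE_PINGBACK = """<?xml version="1.0"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://victim.example/?8319046=110277</string></value></param>
    <param><value><string>http://myblog.example/2014/03/hello-world/</string></value></param>
  </params>
</methodCall>
"""


def parse_pingback(body):
    """Return (source_uri, target_uri) for a pingback.ping call, else None."""
    root = ET.fromstring(body)
    if root.tag != "methodCall" or root.findtext("methodName") != "pingback.ping":
        return None
    values = [v.text for v in root.iterfind("./params/param/value/string")]
    if len(values) != 2:
        return None
    return values[0], values[1]


def pingback_fetch_host(body, own_host):
    """Host the blog would fetch while verifying this pingback, or None.

    WordPress fetches the source URI to confirm it links to the target. When
    the source is a third-party site, every such call turns this blog into
    one more client hitting that site, which is how the DDoS is built.
    """
    parsed = parse_pingback(body)
    if parsed is None:
        return None
    source, target = parsed
    if urlsplit(target).hostname != own_host:
        return None  # target is not one of our pages; not a pingback to us
    return urlsplit(source).hostname


if __name__ == "__main__":
    for ip, n in sorted(xmlrpc_posts(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{n:5d} POST xmlrpc.php from {ip}")
    print("pingback would make us fetch:", pingback_fetch_host(SAMPLE_PINGBACK, "myblog.example"))
```

Against the constructed lines the script reports three POSTs from one address and shows that the sample pingback would make the blog fetch `victim.example`. A real log spans days and many addresses, so the useful view is the per-address count over a short window, not the raw line list.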

The Defence

This is where it gets tricky, and why I say to read Sucuri’s full post, and comments, and decide for yourself.

Options include:

1. disable all XML-RPC functionality on your site (core plugins may stop working)

2. add the below code to your theme, it’s a preventative filter:

(click here to copy the actual code)

(I chose option 2)

Important to Know

To add this code is to go deep into the core code of the website (to “hack core WordPress”), where it’s really easy to type one wrong character and break your entire site.

Happened to KeriBlog.

(this stuff, wow eh. I knew what happened, that it was going to be fixed in a minute, and still I coughed up my heart when I refreshed to find that.)

Armoured Cars are Coming into Vogue

There’s a very expensive luxury sedan segment you don’t see advertised, the Security segment.

BMW Security, Mercedes S-Guard, Audi A8 Security.

Take their largest sedan, add plating and new ballistic windows, cameras with night vision, a cabin that seals instantly against gas attacks, and keep it looking like the regular model – security through obscurity.

Read it on Autonet.ca

Favourite line:

Masking the armour beneath factory finishings, so the car looks identical to the non-armoured model.

The Attack:

I’d go for the vehicle’s traffic… follow behind, laptop and antennae on the passenger seat, see what you can capture…maybe steal some passwords, or take some data and hold it for ransom, copy photos for blackmail, you get it.

Related: Wenet armoured car shopping

***

Back to ‘Keri on Driving’ – Index

All New Cars have a “Black Box”

All new 2014 vehicles now ship with an EDR – Event Data Recorder, or “black box.”

It constantly records information while the car is in motion, but only saves it in the event of a crash, a few seconds in total.

Information the EDR records: vehicle speed and acceleration, throttle and brake positions, ignition cycles, seat belt usage, velocity changes throughout a collision, and airbag deployment.

More sophisticated EDRs are arriving, which also record GPS data, seat position and steering, plus they continuously save the information.

Read it online at Autonet.ca

Favourite line:

My Prediction – EDRs & Car Insurance – 2nd last paragraph

I predict insurance companies will start to use the data, something like, “connect your EDR to our system, and reduce your monthly cost by paying for insurance only when you drive!”

Here comes the “Connected Car”. It’s going to be huge guys.

***

Back to ‘Keri on Driving’ – Index

Protected, As Long As…

  • someone is monitoring the live feed
  • the feed is recorded and saved in its entirety, not looped and written over
  • the camera lens isn’t dirty
  • or knocked out of place, facing the wrong direction
  • the subject looks up

Lots of variables, huh.