Taken 3 weeks ago, at that.
Summarized below is what happened, and what to do. But!
Legitimate WordPress sites were used in a DDoS (distributed denial-of-service) attack against other legitimate WordPress sites. The goal is to create a botnet: harness the power of thousands of blogs, and use it to attack another site and take offline, I don’t know the why.
Sucuri is a malware monitoring and cleanup company. They discovered the attack, when one of their client’s went offline due to a DDoS.
From their site:
The attack uses XML-RPC.
XML-RPC is found in the core of WordPress, and is used to perform a “ping”: when one website notifies another website to say hey, there’s new content to see here.
XML-RPC is used to keep search engines updated, RSS feeds fresh, and news sites current. It’s used to create pingbacks and trackbacks, XML-RPC even helps provide mobile access.
XML-RPC is located in WordPress’ core code, and is by default set to ON.
WordPress is in a tough spot with this one.
It makes sense to set the default to ON, right? Pinging is kinda the nature of the internet. There’s lots of plugins designed specifically to take advantage of pinging. That’s why you won’t see WordPress issue a patch for this security breach, they kind’ve can’t.
And that’s why this attack is so clever. Dirty, but clever.
In fact, by turning it off, many core plugins will stop working, as will Jetpack…
It’s up to you, and how you run your site, whether to leave it on or off…
There are 2 ways:
1. search your logs for “any POST requests to the XML-RPC file. If you see a ping back to a random URL, your site is being misused”. – Sucuri
2. use the scanner Sucuri built, click here.
Your URL will be checked against their logs, to verify if it was 1 of the 162,000 affected sites.
This is where it gets tricky, and why I say to read Sucuri’s full post, and comments, and decide for yourself.
1. disable all XML-RPC functionality on your site (core plugins may stop working)
2. add the below code to your theme, it’s a preventative filter:
(click here to copy the actual code)
(I chose option 2)
To add this code, is to go deep into the core code of the website (to “hack core WordPress”), where it’s really easy to type one wrong character and break your entire site.
Happened to KeriBlog.
(this stuff, wow eh. I knew what happened, that it was going to be fixed in a minute, and still I coughed up my heart when I refreshed to find that.)
Just been mouth-breathing around, you haven’t missed much.
Still riding out the bi-annual fever here. Didn’t even write the news yesterday, maybe the 3rd time I’ve ever not. Next week’s column won’t be getting a * beside it on the index page.
Kept kicking to the end, and before I went down Friday night, I managed to be up 140% at the casino, and win at pool (but barely, good game, 3-3 and down to the 8). Then I fell on my face and slept until Sunday, an 18 hour run. Whatever you hear going about this flu going around, believe it.
Nothing huge happening this week, lots of little meetings, dinners and email, but no big events.
Next week we’re off to Kentucky with Chrysler, and their 2014 200 sedan. And booked a Hyundai trip today, end of April in BC with their 2014 Genesis.
It’s been so boring I don’t even have any photos to embed below, so here’s a total lazy blog move, and another screenshot from the below gif TTYT