Hacked Again - DDOS Attack
After getting hacked last month, my site was hacked again last week. This time I was subjected to a Distributed Denial of Service (DDoS) attack.
I first noticed that something was wrong when my pages were loading very slowly, so I contacted my host PowerVPS. I was stunned when they told me that my second site, www.windows7news.com, was being attacked by a DDoS attack. I always though these were reserved for big sites, normally to blackmail big sites, or to take competitors out of action. I’m pretty sure I don’t fall into either of those categories, so I’m starting to worry that someone has got a vendetta against me.
Given that the attack was against one particular site, my host advised me to check that everything was up to date. After upgrading 3 plugins everything seemed to be ok. I’m not sure which plugin was allowing the attack to occur, ( (If you are interested in which plugins I updated they were comment luv, super cache and Yet Another Related Post) but it really drove home a message I’d heard earlier in the day at a F-Secure event in London.
At the event, F-Secure said that hackers had moved on from trying to develop exploits for OSs and browsers as they pretty secure now, and were now developing attacks for plugins, browser extensions, adobe plugins etc because the coders of these weren’t as security conscious as professional developers.
In the future I’ll definitely make sure that all of WordPress installations are up to date!
Bookmark & Share
Comment by Shark Liver Oil on 30 September 2008:
This is unbelievable. I hope everything is okay now. Nice cold beer will make everything fine.
No seriously this sort of thing is very annoying. You are the second person I ave heard from who had DDoS attacks on there server.
I wish the web was a nicer place.
Comment by SoLinkable on 1 October 2008:
I luckily haven’t been on the receiving end of any attacks. I suppose it makes sense for them to go after the plugins, as they are easy targets. Have you researched which of the three were the most likely to have allowed the attack to occur?
Comment by web talk on 1 October 2008:
hackers should spend their time to find exploits on big websites such as microsoft and others instead of bothering us…little bloggers who try to make some good service to regular users!
Comment by Armen Shirvanian on 18 October 2008:
Being attacked in such a fashion causes us, the site runners, to start thinking about ways to handle future issues. It is not often expected that something damaging to our site will occur in a short time period, and it is then a good time to prepare in avoidance of being attacked more than once.