After getting hacked last month, my site was hacked again last week. This time I was subjected to a Distributed Denial of Service (DDoS) attack.
I first noticed that something was wrong when my pages were loading very slowly, so I contacted my host PowerVPS. I was stunned when they told me that my second site, www.windows7news.com, was being attacked by a DDoS attack. I always though these were reserved for big sites, normally to blackmail big sites, or to take competitors out of action. I’m pretty sure I don’t fall into either of those categories, so I’m starting to worry that someone has got a vendetta against me.
Given that the attack was against one particular site, my host advised me to check that everything was up to date. After upgrading 3 plugins everything seemed to be ok. I’m not sure which plugin was allowing the attack to occur, ( (If you are interested in which plugins I updated they were comment luv, super cache and Yet Another Related Post) but it really drove home a message I’d heard earlier in the day at a F-Secure event in London.
At the event, F-Secure said that hackers had moved on from trying to develop exploits for OSs and browsers as they pretty secure now, and were now developing attacks for plugins, browser extensions, adobe plugins etc because the coders of these weren’t as security conscious as professional developers.
In the future I’ll definitely make sure that all of WordPress installations are up to date!
