Global WordPress DDOS Attack – April 2013

I got this report from my UK service provider, and it was hard. This seems to be like a cyber war, and it is not affecting one geographical area; it affects a portion of people in all parts of the world.

On Thursday 11th April we noticed an abnormal amount of bot traffic hitting our servers, all specifically targeting wp-login.php files in an attempt to gain access to the admin areas of WordPress-based websites.

Normally these types of attacks are quite small scale and are easily dealt with. However, it soon became clear that this attack was on a much larger scale than anything we had seen before: the attacks were coming in from over 100,000 unique IP addresses from compromised workstations across the globe at the rate of hundreds of requests per second.

The attacks continued into Friday and it became clear that the attacks weren’t isolated to one or two web hosts; it was an attack on a truly global scale that hit every web host hard.

Our initial attempts to deal with the attack and keep servers online were to block the offending IPs, but with the scale of the attack and the number of IPs that needed to be blocked this proved to be an unworkable solution and caused more problems than it fixed.

The only option left to us on Friday was to globally disable access to all wp-login.php files on all of our Shared and Reseller servers in an attempt to keep servers online through the attack period. We left this block in place throughout the weekend and we are pleased to report that the action had the desired result, in that no servers were brought down by the DDOS.

At the time of writing (Monday April 15th) the global DDOS appears to have dissipated.
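
The report's point that blocking individual IPs was unworkable can be checked against a web server access log. The Python below is an added example, not part of the provider's report: it assumes the Apache/nginx combined log format, and the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
# Combined access log prefix: ip, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def login_posts_per_minute(lines):
    """Map minute -> Counter of source IPs that POSTed to wp-login.php."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, ts, method, target, _status = m.groups()
        if method == "POST" and target.split("?", 1)[0].endswith("/wp-login.php"):
            minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
            buckets[minute][ip] += 1
    return buckets

def assess(lines, per_ip_limit=5, total_limit=50):
    """Per minute: volume, source count, and what a per-IP limit would catch.

    'distributed' means many sources, each under the per-IP limit, so the
    workable control is on the path (wp-login.php), not on single IPs."""
    report = []
    for minute, ips in sorted(login_posts_per_minute(lines).items()):
        total = sum(ips.values())
        over = {ip: n for ip, n in ips.items() if n > per_ip_limit}
        caught = sum(over.values()) / total
        report.append({
            "minute": minute.isoformat(),
            "posts": total,
            "unique_ips": len(ips),
            "ips_over_limit": len(over),
            "share_caught_by_per_ip": round(caught, 2),
            "distributed": total >= total_limit and caught < 0.5,
        })
    return report

def sample_log():
    """Constructed sample: 60 documentation-range IPs, 2 login POSTs each."""
    lines = []
    for i in range(60):
        for s in (i % 30, 30 + i % 30):
            lines.append(f'198.51.100.{i + 1} - - [12/Apr/2013:10:15:{s:02d} +0000] '
                         '"POST /wp-login.php HTTP/1.1" 200 3456')
    lines.append('203.0.113.9 - - [12/Apr/2013:10:15:59 +0000] "GET /wp-login.php HTTP/1.1" 200 2100')
    lines.append('203.0.113.9 - - [12/Apr/2013:10:16:05 +0000] "POST /blog/wp-login.php HTTP/1.1" 302 0')
    return lines

if __name__ == "__main__":
    print(*assess(sample_log()), sep="\n")
```

On the constructed sample, the busy minute shows 120 login POSTs from 60 sources with none over the per-IP limit, which is the pattern that makes per-IP blocking ineffective.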