Lessons learned from WordPress attacks

I traveled from VMworld to the lab last Wednesday, and during that time, something infected two websites I control.

I suspect the servers were used as part of a SYN flood attack. The servers, both using WordPress, would come up and serve their web pages, but then they would quickly run out of cache because of processes that were difficult to track.


They initially made contact with some IPs located conveniently in Russia, followed by lots of SYN traffic and interesting session waits and listens. It took about two minutes before the sites cratered from resource drainage, and the errantly injected processes dominated, then effectively cratered the servers for their intended use.
