Protecting WordPress from a DDoS Attack


On August 21 this year, the Ai Pi Mani blog was temporarily unavailable. More precisely, it was being blocked almost daily.

I offer my apologies to everyone. I would also like to thank my hosting provider's support team for their prompt assistance.

The reason the server was blocked was very unusual for me: a DDoS attack. I had never run into such a misfortune before.

What is it? As I understood from some very kind people, a DDoS attack is a Distributed Denial of Service attack. The idea is that the attackers simultaneously (and for quite a long time) send requests to the server from a huge number of different IP addresses. The server cannot handle such a load and gets blocked.

In general, I am told, protecting against a DDoS attack is almost impossible, because the server cannot tell which IP addresses' requests should be filtered out.

The attack was made on the WordPress file wp-cron.php, which lies in the root directory of the blog.

This file is needed for scheduled publishing of posts. For example, you have written a couple of articles, set their publication date to some future date and gone on holiday; the posts will be published automatically on schedule. Very convenient.

And so it turns out that even if you do not use scheduled publishing, a specially crafted request to this file (such as http://ваш_блог/wp-cron.php?check=46cbe1674da1d2888104482d6ed4f87f) starts otherwise unused scripts on the server, which do not finish on their own and only accumulate in memory, consuming more and more of the server's system resources.

However, to start the script you need to know the hash value passed in the check parameter. It depends on the number in the line

  if ( $_GET['check'] != wp_hash('187425') )

of the file wp-cron.php.

And here lies the cruel trick: by default, every WordPress installation uses the number 187425! So organizing an attack on any blog running WordPress is not that hard.

Protecting yourself is easy: change the default number to any other one.
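As an added example (not code from the original post, nor WordPress's own wp-cron.php), here is how the guard at the top of a wp-cron.php-style script could be hardened instead of merely swapping 187425 for another number: the trigger value is derived from a per-site secret defined in wp-config.php (the constant names WP_CRON_SECRET and WP_CRON_LOCK_FILE are assumptions), the comparison is constant-time, and a file lock stops repeated requests from piling up running copies of the script, which is what the attack described above relied on.

```php
<?php
// Added example: hardened guard for a wp-cron.php-style entry point.
// Assumptions (not from the original post): WP_CRON_SECRET is defined in
// wp-config.php as a long random string, and WP_CRON_LOCK_FILE (optional)
// points to a writable path.

if ( ! defined( 'WP_CRON_SECRET' ) || strlen( WP_CRON_SECRET ) < 32 ) {
    // Refuse to run rather than fall back to a value every installation shares.
    http_response_code( 500 );
    exit( 'cron secret is not configured' );
}

// The token in the URL is an HMAC of a fixed label under the site secret, so the
// secret itself is never sent over the wire and cannot be guessed from a default.
$expected = hash_hmac( 'sha256', 'wp-cron-trigger', WP_CRON_SECRET );
$given    = ( isset( $_GET['check'] ) && is_string( $_GET['check'] ) ) ? $_GET['check'] : '';

// hash_equals() compares in constant time and as strings; the original "!="
// is a loose comparison and would, for example, treat "0e123" and "0e456" as equal.
if ( ! hash_equals( $expected, $given ) ) {
    http_response_code( 403 );
    exit;
}

// Single-instance lock: a second request arriving while a run is in progress exits
// immediately instead of starting another copy that sits in memory.
$lock_path = defined( 'WP_CRON_LOCK_FILE' ) ? WP_CRON_LOCK_FILE : sys_get_temp_dir() . '/wp-cron.lock';
$lock      = fopen( $lock_path, 'c' );
if ( $lock === false || ! flock( $lock, LOCK_EX | LOCK_NB ) ) {
    http_response_code( 429 );
    exit( 'cron is already running' );
}

// The rest of the cron script (running the scheduled tasks) goes here.

flock( $lock, LOCK_UN );
fclose( $lock );
```

The operator computes the same HMAC from the secret once and uses it as the check parameter in a system cron job, so only requests carrying that value ever reach the task code.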

My server was receiving more than 25 requests per second. How long the attack lasted I do not know, because the server "went down" and no statistics were recorded. After the server was rebooted, the attack was repeated again and again...

Frankly, I would not have guessed that the server overload was deliberate if I had not received an e-mail explaining the reason for the operation (after the server had been restored, of course). I will not write what they demanded. I can only say that they promised to repeat the attack if I did not agree to their terms. What exactly interests them about my blog I do not quite understand. In any case, we'll see.

As far as I know, a DDoS attack is quite an expensive pleasure. So a repeat is unlikely. And some protective measures have already been taken (not just the one in this article).

I recommend that all bloggers take care of protecting their projects.

Last modified: 10/08/2013 at 07:54
Published: Saturday, August 22, 2009 at 19:10

Comments: 15

  1. Web Surfer
    August 23, 2009 at 21:20

    After reading your article I went straight to the search engines. :) Many people have had problems with cron. I have had cases when it failed and an article was not published on time. I will take steps with the hash.


  2. TiamatInc
    August 27, 2009 at 14:39

    I had problems with cron until I sent a complaint to our hosting support; now it works like clockwork.

    Hmm... in which version of WP is this line of code present? Somehow I have not found it myself.


  3. SeoFermer
    September 1, 2009 at 19:18

    So that's what the problem turns out to be... And I had already written to the hosting and asked my friends... For three days in a row some cron files in WWW ate up all the space on the hosting, and then my IP was simply blocked...


  4. Executor
    September 13th, 2009 at 22:45

    Strangely, I do not have such a line in this file; maybe you had a not-too-recent version of WordPress. But in general this will not protect you from DDoS: there are many ways to take down a server, you can simply saturate the channel with a large botnet.


  5. Serge
    September 16th, 2009 at 17:10

    There, now it has been spelled out; I could not understand what this thing was before. :) Freelancers in particular are often attacked by this method.


  6. Ander
    October 7, 2009 at 21:38

    And what if you just delete this line? What is it responsible for?


  7. Himiko
    October 13, 2009 at 20:23

    Block access to the cron.php file via the web in your .htaccess file, and that's it. :)
    If necessary, run the script through cron like this:
    /usr/bin/php /var/www//cron.php


  8. Clean
    October 26, 2009 at 18:45

    DoS attacks are carried out with the help of "zombie networks". A zombie network: do you have an antivirus? Has it shown you Trojans on your PC? Well, if you have had a Trojan on your PC for at least some time, there is a 99% chance you were a member of a zombie network. And on a certain signal, all the PCs making up the zombie network start sending requests to the "victim site". It's simple. The most common way Trojans are distributed is via cracks. Do you think guys create cracks for free? Come on, tell me a story about "network altruists". ;)
    A zombie network base of 1000+ PCs is expensive; the simplest attack is possible even with 100 computers. Actually, 25 requests per second is very little.

    In fact, the protection against DoS attacks is a good hosting company. For example, the universally disliked Ucoz does not let anyone mess with the sites in its care.


  9. Andrey
    April 21, 2010 at 13:20

    Frankly, 25 requests per second is not a lot. :)
    Right now my server hosts a site that runs in normal mode at 48 requests per second, and several such sites. In general, Apache is a very slow web server; use a different one.


  10. dikiiwulf
    April 29, 2010 at 14:30

    DDoS attacks are classed as cyber-terrorism, and I do not think that if someone has infected 1,000 computers they will use them to attack you. If you are not a commercial project, who needs it? You can even end up in prison for it.
    And UCOZ is rubbish, because it does not let you work with MySQL and PHP, and a site builder on top of that? It only breeds noobs...
    Better to move to JOOMLA! Prefer a dedicated server, it gives you more options, and protection on a dedicated server is 100% worth it. 1000 roubles a month and 50,000 GB, plus you can set up a dedicated server yourself.


  11. SEO Umneg
    May 18, 2010 at 13:48

    Should the number 187425 be changed only in wp-cron.php? Is it not used anywhere else?

    Does it have to be a 6-digit integer?


  12. temass
    November 23, 2010 at 10:56

    Why anyone would DDoS you, I do not understand. :)


  13. K_E_V_in
    March 9, 2011 at 16:10

    In the new versions of WordPress that hole is closed. But it is used by some plugins. For example SuperCache, so use other caching plugins!


  14. teD
    March 28, 2011 at 02:42

    A fun way to DDoS:


  15. Maude Fernandez
    August 9, 2011 at 08:48

    My hosting has been suffering from a DDoS for 3 days now. None of my sites work and it's not funny. I managed to move the site to another server.

