Hackers Hack WordPress Sites to Carry out DDoS Attacks on Ukrainian Resources

Hacking WordPress sites and injecting DDoS scripts.

Hackers are compromising WordPress sites and injecting malicious scripts that use visitors' browsers to carry out DDoS attacks on Ukrainian resources.

MalwareHunterTeam researchers discovered a hacked WordPress site that used such a script to attack ten sites, including resources of Ukrainian government, scientific and financial organizations, as well as sites recruiting volunteers for the International Legion of Territorial Defense of Ukraine.

Once loaded, the JavaScript forces the visitor's browser to send HTTP GET requests to every site on the list, using no more than 1,000 concurrent connections. This lets the scripts carry out DDoS attacks without the site visitor noticing.

Each request to an attacked site uses an arbitrary query string, so the request is not served by a caching service like Cloudflare or Akamai and reaches the attacked server directly.

For example, the DDoS script generates requests like the following:

"GET /17.650025158868488 HTTP/1.1"

"GET /?932.8529889504794 HTTP/1.1"

"GET /?71.59119445542395 HTTP/1.1"
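On the receiving side, this request shape is easy to spot in web server access logs. The following detection sketch is an added example, not code from the researchers or from the original article; it assumes Common/Combined Log Format, and the sample log lines, IP addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Request targets shaped like the samples above: "/<decimal>" or "/?<decimal>",
# i.e. nothing but a long decimal number as the path or as the whole query string.
RANDOM_TARGET = re.compile(r"^/\??\d{1,4}\.\d{6,}$")

# Minimal Common/Combined Log Format parser: client IP, method, request target.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def is_flood_request(method, target):
    """True when a request matches the cache-busting pattern."""
    return method == "GET" and RANDOM_TARGET.match(target) is not None

def flag_clients(lines, threshold=3):
    """Return {ip: hits} for clients with at least `threshold` matching requests.

    The threshold is an assumption; tune it to the site's normal traffic.
    """
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_flood_request(m["method"], m["target"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log (documentation IP ranges, made-up timestamps).
# The targets for 203.0.113.7 are the three requests quoted in the article.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /17.650025158868488 HTTP/1.1" 404 153',
    '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /?932.8529889504794 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /?71.59119445542395 HTTP/1.1" 200 5120',
    '198.51.100.20 - - [01/Jan/2000:10:00:02 +0000] "GET /?page=2 HTTP/1.1" 200 4096',
    '198.51.100.20 - - [01/Jan/2000:10:00:03 +0000] "GET /?5.123456789012345 HTTP/1.1" 200 5120',
    '192.0.2.5 - - [01/Jan/2000:10:00:04 +0000] "GET /assets/app-1.2.3.js HTTP/1.1" 200 900',
    '192.0.2.5 - - [01/Jan/2000:10:00:05 +0000] "POST /?1.234567890123 HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, count in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: {count} cache-busting GET requests")
```

Because the traffic comes from the browsers of ordinary visitors to the hacked sites, the flagged addresses are unwitting participants; the per-client counts are best used for rate limiting or for a matching edge rule on the request shape rather than for attribution.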

According to developer Andrey Savchenko, the attackers hacked hundreds of WordPress sites in order to carry out these attacks.

“There are about a hundred of them. All hacked through vulnerabilities in WP. Unfortunately, many providers/owners do not respond in any way,” Savchenko said.
