WordPress Hit by Second Massive Attack in Two Days

ID THREATPOST:8E698B9C5FA6C80894C07A6167F0EF35
Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:35:04


WordpressThe main WordPress.com site was the target of a major DDoS attack yesterday that knocked the popular blogging platform offline for a couple of hours, and another attack that hit the site again Friday morning. The service is back online now, but the attacks may be an indication that the service could be collateral damage in some politically motivated attacks against WordPress blogs.

The first attack hit WordPress in the early afternoon on Thursday, and WordPress officials said that at its peak the attack traffic was in the range of several Gigabits per second, according to a report by TechCrunch.

“WordPress.com is currently being targeted by a extremely large
Distributed Denial of Service attack which is affecting connectivity in
some cases. The size of the attack is multiple Gigabits per second and
tens of millions of packets per second,” officials said in a statement during the attack.

Officials at WordPress and Automattic, which owns WordPress, did not say
whether they’d identified the source of the attack, but they hinted
about what may have been behind it.

“This is the largest and most sustained attack we’ve seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we’re still investigating and have no definitive evidence yet,” Matt Mullenweg, founder of WordPress and Automattic, told TechCrunch.

A second attack hit WordPress early Friday morning Eastern time, severely hampering the site’s availability. According to uptime and availability graphs provided by Automattic, WordPress.com availability plunged from 100 percent to roughly 66 percent at about 5 a.m. Friday.

“Unfortunately, the DDoS attack from yesterday returned in a different
form this morning and affected site-wide performance. The good news is
that we were able to mitigate it quickly and performance returned to
normal around 11:15 UTC. We are continuing to monitor the situation
closely,” a statement from Automattic on the site says.

WordPress is far and away the most popular blogging platform on the Web and is the hosting provider for some of the more highly trafficked media sites, including CBS and TechCrunch itself.