DDoS attacks 162,000 WordPress sites: Experts
Researchers stated on Monday that hackers are able to gain access to unsuspecting websites using some old-fashioned hacking trickery. Almost 162,000 legitimate WordPress-powered websites were hacked in this manner.
According to CNET (and Ars Technica) news, Sucuri, a security firm, said that a well-known bug in WordPress allows the attack to be amplified by harnessing unsuspecting websites.
It is unclear which website was attacked, but Sucuri claimed that a "popular" website was attacked. "It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server," Sucuri chief technology officer Daniel Cid said in a blog post. "All queries had a random value (like '?4137049=643182') that bypassed their cache and force a full page reload every single time. It was killing their server pretty quickly."
"Can you see how powerful it can be?" he added. "One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows."
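The random query values quoted above leave a recognisable trace in the target's access log and can be neutralised at the cache layer. The following is an added example, not code from Sucuri or from this article: the function names, thresholds, log format, sample lines and the allowed-parameter list are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample log lines (addresses from documentation ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    f'203.0.113.{i} - - [01/Jan/2024:10:00:0{i} +0000] '
    f'"GET /?{4137049 + i * 7919}={643182 + i * 31} HTTP/1.0" 200 5120'
    for i in range(1, 7)
) + '\n192.0.2.8 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/?page=2 HTTP/1.1" 200 812\n'

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A query consisting of one numeric key and one numeric value, like "?4137049=643182".
CACHE_BUSTER_RE = re.compile(r"^\d+=\d+$")


def find_cache_busting(log_text, min_unique=5, min_sources=3):
    """Return {path: (distinct_queries, distinct_sources)} for paths requested
    with many different numeric-only query strings from many client addresses."""
    queries, sources = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if CACHE_BUSTER_RE.match(url.query):
            queries[url.path].add(url.query)
            sources[url.path].add(line.split(" ", 1)[0])  # first field: client address
    return {
        path: (len(seen), len(sources[path]))
        for path, seen in queries.items()
        if len(seen) >= min_unique and len(sources[path]) >= min_sources
    }


def cache_key(target, allowed=("page", "s")):
    """Build a cache key that keeps only query parameters the site actually uses,
    so an unknown random parameter maps to the already-cached page.
    Assumes the application ignores parameters outside `allowed`."""
    url = urlsplit(target)
    kept = sorted((k, v) for k, v in parse_qsl(url.query) if k in allowed)
    return url.path + ("?" + urlencode(kept) if kept else "")


if __name__ == "__main__":
    print(find_cache_busting(SAMPLE_LOG))
    print(cache_key("/?4137049=643182"))
```
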