Is your site a zombie at the bidding of nefarious hackers allowing them to take down other sites? If your site is powered by WordPress, like millions across the 'net, it could be thanks to a new exploit. Does your site have pingbacks enabled? If so, your site is at risk!
Thanks to a vulnerability in XMLRPC, which is used to enable features like remote mobile access to your site, trackbacks and of course, pingbacks, hackers can use your site as part of a DDOS (Distributed Denial of Service) attack on other sites around the 'net. Hundreds of thousands of sites are infected! Fortunately there's a simple way to tell if your site is infected. Securi has set up an easy to use test to see if your site is infected. Just enter your site's url and press a button. It will tell you if your site is infected, or all clear.
What do you do now that you know your site is infected (or even if it isn't)?
It's time to squash this vulnerability! Fortunately, you don't need a developer or even to touch a line of code (unless you want to) to cleanse your site of the zombie menace. Simply install the aptly named Remove XMLRPC Pingback Ping plugin. This plugin will disable pingbacks, preventing hackers from recruiting your site into their zombie botnet army (or freeing it from their grasp if your site has already fallen). The great thing about this particular plugin is that it will not affect some of the features you may have grown to know and love from XMLRPC. So if you use plugins like Jetpack you will still be able to keep your site secure, while enjoying the benefits it has to offer.
As part of the LOLSMG team's commitment to providing our clients with the best service possible we've already taken action to keep your sites safe and sound! Our sites have remained zombie free and we are committed to keeping it that way.
Was your site turned into a zombie? Have you mitigated the problem yet? Share your zombie stores with us in the comments!