WordPress DDoS Attacks Primarily From China, Possibly Politically Motivated
After recovering from the largest Distributed Denial of Service attack in the service’s history (“multiple Gigabits per second and tens of millions of packets per second”) yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3am PST).
WordPress.com hosts over 30 million blogs, many of them news sites like our own, which lead some to conjecture that the attacks had come from the Middle East, a region experiencing its own internet issues at the moment. Not so says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China with a small percentage coming from Japan and Korea.
According to Mullenweg one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China’s major search engine. WordPress doesn’t know exactly why the site was targeted and won’t release the name until it does. Based on the extent of the attacks Mullenweg tells me that they appear to be politically motivated.
“WordPress.com was hit with a another wave of attacks today (the fourth in two days) that caused issues again. This time we were able to recover more quickly, and also determined one of the targets to be a Chinese-language site which appears to be also blocked on Baidu. The vast majority of the attacks were coming from China (98%) with a little bit of Japan and Korea mixed in.”
While Mullenweg tells me that DDoS attacks are fairly common at WordPress but its the strength of its infrastructure (distributed across three data centers in three cities) usually prevents anyone from noticing. The recent attacks have impacted not just WordPress sites, other servers in the same part of the network causing the outages. WordPress is collaborating with upstream providers to shift the attacks.
Says Mullenweg, “Right now there are huge asymmetric risks on the internet because any bad actor, for a few tens of thousands of dollars, has the online equivalent of a dirty nuke and can bring even the largest sites to their knees and silence millions of voices.”
WordPress isn’t the only one suffering from recent DDoS attacks, a slew of South Korean sites also took a hit during the same time period.