Wave Of Massive DDoS Attacks Rock WordPress.com

The first wave started on Thursday afternoon, slamming WordPress.com, the site that plays host to millions of blogs.

In a statement that WordPress owner Automattic released to security vendor Sophos, the "extremely large" DDoS attack affected connectivity in some cases and was "multiple gigabits per second and tens of millions of packets per second" in size.

The statement continued: "We are working to mitigate the attack, but because of the extreme size, it is proving rather difficult. At this time, everything should be back to normal as the attack has subsided, but we are actively working with our upstream providers on measures to prevent such attacks from affecting connectivity going forward."

WordPress.com founder Matt Mullenweg told TechCrunch that the DDoS attack was big enough to impact all three of its data centers in Chicago, San Antonio and Dallas. It was still unclear Friday morning what motivated the DDoS attack against WordPress and its blogs, but Mullenweg suggested it could be politically motivated.

Sponsored post

"This is the largest and most sustained attack we've seen in our six year history," Mullenweg told TechCrunch. "We suspect it may have been politically motivated against one of our non-English blogs but we're still investigating and have no definitive evidence yet."

And while the company said the system was running normal late Thursday night, a second attack clobbered WordPress again early Friday morning.

"Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected site-wide performance," Automattic wrote on a Web site that shows the performance and availability of its portfolio of Web properties. "The good news is that we were able to mitigate it quickly and performance returned to normal around 11:15 UTC. We are continuing to monitor the situation closely."

On Sophos' Naked Security blog, Senior Security Consultant Graham Cluley wrote that Sophos suffered some difficulty writing to its WordPress blogs yesterday.

"Sophos' Naked Security site runs on the VIP version of the WordPress.com platform, and our writers have had some difficulties posting today because of this disruption," he wrote.