If any conclusion can be drawn in comparing this month’s statistics with the rest of the year, it’s probably that hot weather is also discouraging to those bot controllers launching DDoS attacks! The month was rather uneventful on the malicious side of things, but the team worked in earnest to improve our mitigation mechanisms, including threat detection and banning systems… because, you know, winter is coming.
Overall, the distribution of visitors and bandwidth usage by country has not changed much in comparison to last month.
A more careful look at our visitors’ user agents shows a regular pattern in the usage of operating systems: as usual, Windows is the most used OS, followed by Android with everything else trailing well behind.
The real conundrum is illustrated by the following pie chart: how is it possible that in 2016, more than 2 years after its support ended, so many of our visitors still use Windows XP? If you are using it, we strongly recommend to update your system to a newer version of Windows or to switch to Linux (also to make our pie charts a bit more varied!).
June attacks on the Deflect network
This month the Deflect network didn’t face major incidents, and the few DDoS attack that targeted deflected websites were mitigated automatically.
The main incident was observed on the 2nd June. It lasted few hours and was caused by a smaller botnet made up of around 300 bots that attacked a Ukrainian website. As usual, the method was a WordPress Pingback reflective attack.
This method, which we often observe in our everyday activity, exploits the WordPress Pingback feature to attack websites, and any WordPress-based site can be affected unless it is adequately secured.
To check if your WordPress website has been used to attack others, you can use this tool. But if your website runs on WordPress, what’s most important is to secure it against this kind of attacks. It isn’t difficult: what you need is just to install a plugin called Disable XML-RPC Pingback in your website. This will make it impossible for attackers to exploit the WordPress Pingback feature to attack others.
If you want to secure your WordPress-based website against any kind of attacks, Deflect can help: eQPress is our secure hosting platform based on WordPress, where you can either migrate your website or create one from scratch. Visit eQPress’ website for more details.