Attackers (ab)used WordPress' pingback utility, again!
Feb 17, 2016 22:43 GMT · By Catalin Cimpanu

Sucuri has blown the lid on a recent Layer 7 DDoS campaign that leveraged WordPress installations, or more precisely their pingback function (again).
Layer 7 (Application Level) DDoS attacks aren't your regular DDoS attacks. While normal DDoS attacks rely on cramming a lot of network packets down your throat, Layer 7 attacks are different, akin to a poisoned dart.
They rely on specially crafted network packets that make your server's CPU usage go up, effectively shutting down your site, but without the attacker having to consume a huge amount of bandwidth to do so.
Figure: Distribution of compromised WordPress sites across service providers