DDoS attack turns servers into bots
A new distributed denial of service attack has been discovered that uses servers to distribute rather than PCs.


Security experts have warned of a new distributed denial of service (DDoS) attack that targets full on web servers rather than individual PCs.
The hackers infect servers with an application and, through a very simple software program, are able to identify the URLs they want to attack and hit them in a click of a button.
Imperva, the security firm which discovered the attacks, has the source code for the original application, along with screenshots, showing it only contained 90 lines of PHP code.
"Although servers are typically harder to compromise than PCs, by capitalising on their greater horsepower, the hackers create a much more efficient and powerful DDoS tool using servers as the attack platform," said Imperva in a statement.
"By using web servers, the attackers are even less detectable. Trace backs typically lead to a lone server at a random hosting company."
Amichai Shulman, chief technology officer at Imperva, has claimed that unlike most DDoS attacks, this is not a one off and the attacks "will be ongoing."
He advises companies to be on the look out and monitor Google presence to check if they have been compromised.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.
-
LaunchDarkly to "double down" on observability with Highlight acquisition
News Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
By Daniel Todd
-
Samsung Galaxy Tab S10 FE review
Reviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
By Stuart Andrews
-
UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypot
News The sting follows a recent crackdown on DDoS-for-hire services globally
By Ross Kelly
-
US begins seizure of 48 DDoS-for-hire services following global investigation
News Six people have been arrested who allegedly oversaw computer attacks launched using booters
By Zach Marzouk
-
Will triple extortion ransomware truly take off?
In-depth Operators are now launching attacks with three extortion layers, but there are limitations to this model
By Connor Jones
-
GoDaddy web hosting review
Reviews GoDaddy web hosting is backed by competitive prices and a beginner-friendly dashboard, and while popular, beware of hidden prices
By Daniel Blechynden
-
Japan investigates potential Russian Killnet cyber attacks
News The hacker group has said it’s revolting against the country’s militarism and that it’s “kicking the samurai”
By Zach Marzouk
-
LockBit hacking group to be 'more aggressive' after falling victim to large-scale DDoS attack
News The ransomware group is currently embroiled in a battle after it leaked data belonging to cyber security company Entrust
By Connor Jones
-
Record for the largest ever HTTPS DDoS attack smashed once again
News The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
By Praharsha Anand
-
Cloudflare mitigates biggest ever HTTPS DDoS attack
News A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries
By Zach Marzouk