[wp-hackers] Plugin to stop wp-trackback DOS attack

Michael Clark dc153464a11bcf5aeb18180db28017fb.wp-hackers at planetmike.com
Tue Oct 20 15:03:04 UTC 2009


If you are using custom permalinks, when is wp-trackback.php ever 
called directly during the trackback process? I just tested this, and 
the only files accessed were

ip.add.re.ss - - [20/Oct/2009:10:43:18 -0400] "HEAD /example-url 
HTTP/1.0" 200 - "-" "WordPress/; http://www.example.com"
ip.add.re.ss - - [20/Oct/2009:10:43:18 -0400] "POST /xmlrpc.php 
HTTP/1.0" 200 297 "-" "The Incutio XML-RPC PHP Library -- WordPress/"
ip.add.re.ss - - [20/Oct/2009:10:43:22 -0400] "HEAD /example-url 
HTTP/1.0" 200 - "-" "WordPress/; http://www.example.com"

It seems to me that anyone ever accessing wp-trackback.php directly 
should be rejected, blocked, and/or firewalled. What am I missing? 
Both blogs tested using WP 2.8.4. My blog headers show /xmlrpc.php 
not wp-trackback.php.

Aah, I see it now. If you aren't using pretty URLs, your trackbacks 
will be url/trackback/ . I use the Trackback Validator from 
http://seclab.cs.rice.edu/proj/trackback/ Will that plugin help 
protect against this type of attack? Mike




At 9:37 AM -0500 10/20/09, Chris Jean wrote:
>
>Glenn Ansley wrote:
>>  Hi All,
>>  There have been several reports this morning of a DOS attack affecting
>>  the WordPress wp-trackback.php file.
>>
>>     * [original post] http://www.stevefortuna.com/new-0-day-wordpress-exploit/
>>     * http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html
>>
>>  All the solutions have been the same thus far and require editing
>>  your .htaccess file or the wp-trackback.php file.
>>
>>  FullThrottle has composed this quick plugin that accomplishes the same
>>  thing as the edit to the wp-trackback.php file.
>>
>>  We will update this post and our code if further insight into the
>>  attack deems it necessary.
>>  We'd greatly appreciate any feedback this list has as well.
>>
>>  You can download the plugin to test here:
>> 
>>http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks
>>
>>  or place the following in your theme's functions.php file:
>>
>>  function ft_stop_trackback_dos_attacks(){
>>	global $pagenow;
>>	if ( 'wp-trackback.php' == $pagenow ){
>>		// DoS attack fix.
>>		if ( isset($_POST['charset']) ){
>>			$charset = $_POST['charset'];
>>			if ( strlen($charset) > 50 ) {  die; }
>>		}
>>	}
>>  }
>>  add_action('init','ft_stop_trackback_dos_attacks');
>>
>>  Thanks,
>>  Glenn Ansley
>> http://fullthrottledevelopment.com



-- 

Michael Clark
http://www.PlanetMike.com

Listen to Christmas music 24 hours a day 7 days a week:
http://www.ChristmasMusic247.com

"Injustice anywhere is a threat to justice everywhere."
  - Martin Luther King Jr.
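The observation above, that a blog with custom permalinks delivers trackbacks through /xmlrpc.php or /post-slug/trackback/ and never hits wp-trackback.php directly, can be turned into a simple log check. The following is an added example and not code from the thread, the FullThrottle plugin, or the Trackback Validator. It parses Apache combined-format lines (the format shown in the message), flags requests whose path is wp-trackback.php itself, and reports any client IP that hits it repeatedly. The log lines it runs over are constructed samples using documentation IP ranges, not real traffic. Note that a request's POST body (and so the oversized `charset` value the plugin rejects) is not visible in an access log, so this check complements the in-application length check rather than replacing it.

```python
import re
from collections import Counter

# Apache "combined" log format, as in the lines quoted in the message:
#   ip ident user [timestamp] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (documentation IPs, fictional paths). The first two
# lines mirror what a legitimate WordPress-to-WordPress trackback looks like
# with pretty permalinks; the three 198.51.100.7 lines are direct hits on
# wp-trackback.php; the last line is a pretty-permalink trackback URL.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Oct/2009:10:43:18 -0400] "HEAD /example-url HTTP/1.0" 200 - "-" "WordPress/; http://www.example.com"
203.0.113.5 - - [20/Oct/2009:10:43:18 -0400] "POST /xmlrpc.php HTTP/1.0" 200 297 "-" "The Incutio XML-RPC PHP Library -- WordPress/"
198.51.100.7 - - [20/Oct/2009:10:44:01 -0400] "POST /wp-trackback.php?p=12 HTTP/1.0" 200 0 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Oct/2009:10:44:02 -0400] "POST /wp-trackback.php?p=12 HTTP/1.0" 200 0 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Oct/2009:10:44:02 -0400] "POST /wp-trackback.php?p=12 HTTP/1.0" 200 0 "-" "Mozilla/4.0"
192.0.2.9 - - [20/Oct/2009:10:45:10 -0400] "POST /2009/10/some-post/trackback/ HTTP/1.0" 200 180 "-" "WordPress/; http://blog.example.org"
"""


def parse_line(line):
    """Return a dict of log fields, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_direct_trackback_hit(entry):
    """True when the request path (query string stripped) is wp-trackback.php itself."""
    path = entry["path"].split("?", 1)[0]
    return path.endswith("/wp-trackback.php")


def find_direct_trackback_hits(log_text, threshold=3):
    """Scan log text; return (list of matching entries, {ip: count} for IPs at or above threshold).

    The threshold is an assumed tuning knob: on a pretty-permalink blog even one
    direct hit is unexpected, but a small threshold keeps one-off scanners out of
    the "repeat offender" list.
    """
    counts = Counter()
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not is_direct_trackback_hit(entry):
            continue
        hits.append(entry)
        counts[entry["ip"]] += 1
    flagged = {ip: n for ip, n in counts.items() if n >= threshold}
    return hits, flagged


if __name__ == "__main__":
    hits, flagged = find_direct_trackback_hits(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ip"]} {h["ts"]} {h["method"]} {h["path"]} -> direct wp-trackback.php hit')
    for ip, n in flagged.items():
        print(f"{ip}: {n} direct hits, candidate for blocking/firewalling")
```

The pretty-permalink trackback at `/2009/10/some-post/trackback/` and the `/xmlrpc.php` call are deliberately not flagged; those are the paths legitimate trackbacks take when custom permalinks are on, which is why a direct request to `wp-trackback.php` stands out.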

