[wp-hackers] Plugin to stop wp-trackback DOS attack
Glenn Ansley
glenn at glennansley.com
Tue Oct 20 14:31:59 UTC 2009
Hi All,
There have been several reports this morning of a DOS attack affecting
the WordPress wp-trackback.php file.
* [original post] http://www.stevefortuna.com/new-0-day-wordpress-exploit/
* http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/
* http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html
All the solutions have been the same thus far and require editing
your .htaccess file or the wp-trackback.php file.
FullThrottle has composed this quick plugin that accomplishes the same
thing as the edit to the wp-trackback.php file.
We will update this post and our code if further insight into the
attack deems it necessary.
We'd greatly appreciate any feedback this list has as well.
You can download the plugin to test here:
http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks
or place the following in your theme's functions.php file:
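function ft_stop_trackback_dos_attacks(){
    global $pagenow;
    // Only act on requests to wp-trackback.php.
    if ( 'wp-trackback.php' == $pagenow ){
        // DoS attack fix.
        if ( isset($_POST['charset']) ){
            $charset = $_POST['charset'];
            // Abort the request when the submitted charset is longer than 50 characters.
            if ( strlen($charset) > 50 ) { die; }
        }
    }
}
// Run the check on every request, at WordPress's init hook.
add_action('init','ft_stop_trackback_dos_attacks');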
Thanks,
Glenn Ansley
http://fullthrottledevelopment.com
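
A stricter variant of the charset check in the message above, as an added example that is not part of the original post or of FullThrottle's plugin. It goes beyond the posted code by also rejecting non-string values and anything that does not look like a single charset label; the names ft_example_charset_ok and ft_example_guard_trackback and the character whitelist are assumptions made for illustration.

```php
<?php
// Added example, not FullThrottle's plugin code. Function names and the
// character whitelist below are assumptions made for illustration.
const FT_MAX_CHARSET_LEN = 50; // same limit as the check in the post

/** True when the 'charset' field is absent or looks like one short charset label. */
function ft_example_charset_ok( $value ) {
    if ( null === $value ) {
        return true;                       // field not sent: nothing to check
    }
    if ( ! is_string( $value ) ) {
        return false;                      // charset[]=... arrives as an array
    }
    if ( strlen( $value ) > FT_MAX_CHARSET_LEN ) {
        return false;                      // the length limit from the post
    }
    // Assumption: a legitimate label is letters, digits and . _ : - only.
    return '' === $value || 1 === preg_match( '/^[A-Za-z0-9][A-Za-z0-9._:-]*$/D', $value );
}

/** Hook body: answer a rejected request with a 400 instead of a bare die. */
function ft_example_guard_trackback() {
    global $pagenow;
    if ( 'wp-trackback.php' !== $pagenow ) {
        return;
    }
    $charset = isset( $_POST['charset'] ) ? $_POST['charset'] : null;
    if ( ! ft_example_charset_ok( $charset ) ) {
        header( 'HTTP/1.1 400 Bad Request' );
        exit;
    }
}

if ( function_exists( 'add_action' ) ) {
    add_action( 'init', 'ft_example_guard_trackback' );   // running inside WordPress
} else {
    // Stand-alone run (php file.php): constructed sample values, not captured traffic.
    $samples = array( null, 'UTF-8', 'ISO-8859-1', '', array( 'UTF-8' ), str_repeat( 'A', 51 ), 'UTF 8!' );
    foreach ( $samples as $s ) {
        printf( "%-28s %s\n", substr( json_encode( $s ), 0, 28 ), ft_example_charset_ok( $s ) ? 'accept' : 'reject' );
    }
}
```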