[wp-hackers] Plugin to stop wp-trackback DOS attack

Chris Jean gaarai at gaarai.com
Tue Oct 20 14:37:17 UTC 2009


Thanks for the quick work on this Glenn. Looks like we can be expecting
a 2.8.5 soon.

Chris Jean
http://gaarai.com/
@chrisjean



Glenn Ansley wrote:
> Hi All,
> There have been several reports this morning of a DOS attack affecting
> the WordPress wp-trackback.php file.
>
>     * [original post] http://www.stevefortuna.com/new-0-day-wordpress-exploit/
>     * http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/
>     * http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html
>
> All the solutions have been the same thus far and require editing
> your .htaccess file or the wp-trackback.php file.
>
> FullThrottle has composed this quick plugin that accomplishes the same
> thing as the edit to the wp-trackback.php file.
>
> We will update this post and our code if further insight into the
> attack deems it necessary.
> We'd greatly appreciate any feedback this list has as well.
>
> You can download the plugin to test here:
> http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks
>
> or place the following in your theme's functions.php file:
>
> function ft_stop_trackback_dos_attacks(){
> 	global $pagenow;
> 	if ( 'wp-trackback.php' == $pagenow ){
> 		// DoS attack fix.
> 		if ( isset($_POST['charset']) ){
> 			$charset = $_POST['charset'];
> 			if ( strlen($charset) > 50 ) {  die; }
> 		}
> 	}
> }
> add_action('init','ft_stop_trackback_dos_attacks');
>
> Thanks,
> Glenn Ansley
> http://fullthrottledevelopment.com
>   
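
A variant of the check quoted above, as an added example that is not part of the original post or of FullThrottle's plugin: the length test is moved into a function that takes the POST array, so it can be exercised without WordPress, and it also rejects a `charset` that is not a string. The names `ft_trackback_charset_ok`, `ft_guard_trackback_charset` and `FT_MAX_CHARSET_LEN` and the 400 response are assumptions; the 50-character limit and the `init` hook come from the post.

```php
<?php
// Added example; names are hypothetical, not FullThrottle's or WordPress core's.

const FT_MAX_CHARSET_LEN = 50; // same limit as the snippet in the post

/**
 * Decide whether a trackback POST body carries an acceptable 'charset' field.
 * Takes the POST array as an argument so it can be tested outside WordPress.
 */
function ft_trackback_charset_ok( array $post ) {
	if ( ! isset( $post['charset'] ) ) {
		return true;  // field absent: nothing to check
	}
	if ( ! is_string( $post['charset'] ) ) {
		return false; // charset[]=... arrives as an array; strlen() cannot measure it
	}
	return strlen( $post['charset'] ) <= FT_MAX_CHARSET_LEN;
}

function ft_guard_trackback_charset() {
	global $pagenow;
	if ( 'wp-trackback.php' === $pagenow && ! ft_trackback_charset_ok( $_POST ) ) {
		header( 'HTTP/1.1 400 Bad Request' ); // answer cheaply, then stop
		die;
	}
}

if ( function_exists( 'add_action' ) ) {
	// Inside WordPress: run the guard on 'init', as the post does.
	add_action( 'init', 'ft_guard_trackback_charset' );
} else {
	// Stand-alone (php thisfile.php): exercise the check on constructed inputs.
	$cases = array(
		'no charset field' => array( array( 'title' => 't' ), true ),
		'ordinary value'   => array( array( 'charset' => 'UTF-8' ), true ),
		'exactly 50 bytes' => array( array( 'charset' => str_repeat( 'A', 50 ) ), true ),
		'51 bytes'         => array( array( 'charset' => str_repeat( 'A', 51 ) ), false ),
		'array value'      => array( array( 'charset' => array( 'UTF-8' ) ), false ),
	);
	foreach ( $cases as $name => $case ) {
		$got = ft_trackback_charset_ok( $case[0] );
		printf( "%-18s %s\n", $name, $got === $case[1] ? 'ok' : 'MISMATCH' );
	}
}
```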

