[wp-hackers] Plugin to stop wp-trackback DOS attack
Chris Jean
gaarai at gaarai.com
Tue Oct 20 14:37:17 UTC 2009
Thanks for the quick work on this, Glenn. Looks like we can be expecting
a 2.8.5 soon.
Chris Jean
http://gaarai.com/
@chrisjean
Glenn Ansley wrote:
> Hi All,
> There have been several reports this morning of a DOS attack affecting
> the WordPress wp-trackback.php file.
>
> * [original post] http://www.stevefortuna.com/new-0-day-wordpress-exploit/
> * http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/
> * http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html
>
> All the solutions have been the same thus far and require editing
> your .htaccess file or the wp-trackback.php file.
>
> FullThrottle has composed this quick plugin that accomplishes the same
> thing as the edit to the wp-trackback.php file.
>
> We will update this post and our code if further insight into the
> attack deems it necessary.
> We'd greatly appreciate any feedback this list has as well.
>
> You can download the plugin to test here:
> http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks
>
> or place the following in your theme's functions.php file:
>
> function ft_stop_trackback_dos_attacks(){
>     global $pagenow;
>     if ( 'wp-trackback.php' == $pagenow ){
>         // DoS attack fix.
>         if ( isset($_POST['charset']) ){
>             $charset = $_POST['charset'];
>             if ( strlen($charset) > 50 ) { die; }
>         }
>     }
> }
> add_action('init','ft_stop_trackback_dos_attacks');
>
> Thanks,
> Glenn Ansley
> http://fullthrottledevelopment.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
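
A variant of the quoted check, added here as an example and not part of the original thread or FullThrottle's plugin: it keeps the same 50-character limit on `charset`, also rejects a non-string `charset` (which `strlen()` cannot measure), and answers with a 400 status. The `example_` function names are hypothetical; `status_header()` and `add_action()` are WordPress core functions.

```php
<?php
// Added example, not FullThrottle's plugin code.
// Function names prefixed "example_" are hypothetical.

/**
 * Decide whether a submitted trackback charset value is acceptable.
 * Kept as a pure function so it can be exercised without WordPress.
 */
function example_trackback_charset_ok( $value, $max_len = 50 ) {
    // A field sent as charset[]=x arrives as an array, and strlen()
    // cannot measure an array, so refuse anything that is not a string.
    if ( ! is_string( $value ) ) {
        return false;
    }
    // Same 50-character ceiling as the check quoted above.
    return strlen( $value ) <= $max_len;
}

function example_stop_trackback_dos() {
    global $pagenow;
    // Only act on trackback requests that actually carry a charset field.
    if ( 'wp-trackback.php' !== $pagenow || ! isset( $_POST['charset'] ) ) {
        return;
    }
    if ( ! example_trackback_charset_ok( $_POST['charset'] ) ) {
        status_header( 400 ); // Sends "400 Bad Request" before stopping.
        die;
    }
}

if ( function_exists( 'add_action' ) ) {
    // Running inside WordPress: hook in at init, as the quoted code does.
    add_action( 'init', 'example_stop_trackback_dos' );
} else {
    // Running on the command line: try a few constructed sample values.
    $samples = array(
        'UTF-8'    => 'UTF-8',
        '51 chars' => str_repeat( 'A', 51 ),
        'array'    => array( 'UTF-8' ),
    );
    foreach ( $samples as $label => $value ) {
        $verdict = example_trackback_charset_ok( $value ) ? 'accept' : 'reject';
        printf( "%-10s %s\n", $label, $verdict );
    }
}
```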