[wp-hackers] Plugin to stop wp-trackback DOS attack

Navjot Singh navjotjsingh at gmail.com
Tue Oct 20 14:49:57 UTC 2009


Well, this should be submitted to the Trac if you want to see it in the next WP
version.

On Tue, Oct 20, 2009 at 8:07 PM, Chris Jean <gaarai at gaarai.com> wrote:

> Thanks for the quick work on this, Glenn. Looks like we can be expecting
> a 2.8.5 soon.
>
> Chris Jean
> http://gaarai.com/
> @chrisjean
>
>
>
> Glenn Ansley wrote:
> > Hi All,
> > There have been several reports this morning of a DOS attack affecting
> > the WordPress wp-trackback.php file.
> >
> >     * [original post] http://www.stevefortuna.com/new-0-day-wordpress-exploit/
> >     * http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/
> >     * http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html
> >
> > All the solutions have been the same thus far and require editing
> > your .htaccess file or the wp-trackback.php file.
> >
> > FullThrottle has composed this quick plugin that accomplishes the same
> > thing as the edit to the wp-trackback.php file.
> >
> > We will update this post and our code if further insight into the
> > attack deems it necessary.
> > We'd greatly appreciate any feedback this list has as well.
> >
> > You can download the plugin to test here:
> >
> > http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks
> >
> > or place the following in your theme's functions.php file:
> >
> > function ft_stop_trackback_dos_attacks(){
> >       global $pagenow;
> >       if ( 'wp-trackback.php' == $pagenow ){
> >               // DoS attack fix.
> >               if ( isset($_POST['charset']) ){
> >                       $charset = $_POST['charset'];
> >                       if ( strlen($charset) > 50 ) {  die; }
> >               }
> >       }
> > }
> > add_action('init','ft_stop_trackback_dos_attacks');
> >
> > Thanks,
> > Glenn Ansley
> > http://fullthrottledevelopment.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
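
A stricter variant of the check quoted above, as an added example that is not part of the original thread or FullThrottle's plugin. It keeps the 50-byte limit and, as assumptions of this example, also rejects non-string values and anything that is not a single encoding label; the `example_` function names are hypothetical.

```php
<?php
// Added example: not FullThrottle's plugin and not WordPress core code.
// Functions prefixed "example_" are hypothetical names.

// Decide whether a trackback "charset" value is acceptable. The 50-byte
// limit is the one in the quoted check; the type test and single-label
// pattern are assumptions of this example.
function example_trackback_charset_ok( $value, $max_len = 50 ) {
    // PHP parses "charset[]=x" into an array, which has no string length.
    if ( ! is_string( $value ) ) {
        return false;
    }
    if ( strlen( $value ) > $max_len ) {
        return false;
    }
    // Assumption: one encoding label such as "UTF-8"; empty is allowed.
    return 1 === preg_match( '/\A[A-Za-z0-9._:-]*\z/', trim( $value ) );
}

// Runs on init, like the quoted hook, but answers 400 before exiting.
function example_guard_trackback() {
    global $pagenow;
    if ( 'wp-trackback.php' !== $pagenow || ! isset( $_POST['charset'] ) ) {
        return;
    }
    if ( ! example_trackback_charset_ok( $_POST['charset'] ) ) {
        status_header( 400 );
        exit;
    }
}

if ( function_exists( 'add_action' ) ) {
    add_action( 'init', 'example_guard_trackback' );
} else {
    // Outside WordPress (php example.php): check constructed sample values.
    $samples = array(
        array( 'UTF-8', true ),
        array( ' ISO-8859-1 ', true ),
        array( '', true ),
        array( str_repeat( 'A', 51 ), false ),  // over the 50-byte limit
        array( 'UTF-8 plus text', false ),      // not a single label
        array( array( 'UTF-8' ), false ),       // array instead of string
    );
    foreach ( $samples as $s ) {
        if ( example_trackback_charset_ok( $s[0] ) !== $s[1] ) {
            fwrite( STDERR, "unexpected result\n" );
            exit( 1 );
        }
    }
    echo "all sample checks passed\n";
}
```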

