[wp-hackers] Plugin to stop wp-trackback DOS attack
Michael Clark
dc153464a11bcf5aeb18180db28017fb.wp-hackers at planetmike.com
Tue Oct 20 15:03:04 UTC 2009
If you are using custom permalinks, when is wp-trackback.php ever
called directly during the trackback process? I just tested this, and
the only files accessed were
ip.add.re.ss - - [20/Oct/2009:10:43:18 -0400] "HEAD /example-url HTTP/1.0" 200 - "-" "WordPress/; http://www.example.com"
ip.add.re.ss - - [20/Oct/2009:10:43:18 -0400] "POST /xmlrpc.php HTTP/1.0" 200 297 "-" "The Incutio XML-RPC PHP Library -- WordPress/"
ip.add.re.ss - - [20/Oct/2009:10:43:22 -0400] "HEAD /example-url HTTP/1.0" 200 - "-" "WordPress/; http://www.example.com"
It seems to me that anyone ever accessing wp-trackback.php directly
should be rejected, blocked, and/or firewalled. What am I missing?
Both blogs tested using WP 2.8.4. My blog headers show /xmlrpc.php
not wp-trackback.php.
Aah, I see it now. If you aren't using pretty URLs, your trackbacks
will be url/trackback/ . I use the Trackback Validator from
http://seclab.cs.rice.edu/proj/trackback/ Will that plugin help
protect against this type of attack?
Mike
At 9:37 AM -0500 10/20/09, Chris Jean wrote:
>
>Glenn Ansley wrote:
>> Hi All,
>> There have been several reports this morning of a DOS attack affecting
>> the WordPress wp-trackback.php file.
>>
>> * [original post]
>> http://www.stevefortuna.com/new-0-day-wordpress-exploit/
>> * http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html
>>
>> All the solutions have been the same thus far and require editing
>> your .htaccess file or the wp-trackback.php file.
>>
>> FullThrottle has composed this quick plugin that accomplishes the same
>> thing as the edit to the wp-trackback.php file.
>>
>> We will update this post and our code if further insight into the
>> attack deems it necessary.
>> We'd greatly appreciate any feedback this list has as well.
>>
>> You can download the plugin to test here:
>>
>>http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks
>>
>> or place the following in your theme's functions.php file:
>>
>> function ft_stop_trackback_dos_attacks(){
>> global $pagenow;
>> if ( 'wp-trackback.php' == $pagenow ){
>> // DoS attack fix.
>> if ( isset($_POST['charset']) ){
>> $charset = $_POST['charset'];
>> if ( strlen($charset) > 50 ) { die; }
>> }
>> }
>> }
>> add_action('init','ft_stop_trackback_dos_attacks');
>>
>> Thanks,
>> Glenn Ansley
>> http://fullthrottledevelopment.com
--
Michael Clark
http://www.PlanetMike.com
Listen to Christmas music 24 hours a day 7 days a week:
http://www.ChristmasMusic247.com
"Injustice anywhere is a threat to justice everywhere."
- Martin Luther King Jr.
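Michael's point above is that with pretty permalinks a legitimate trackback exchange never requests wp-trackback.php by its script name, so direct hits on it in the access log are themselves a signal. The following is an added example, not code from the thread or from the FullThrottle plugin: a small Python log scanner that parses Apache combined-format lines like the ones quoted, separates direct wp-trackback.php requests from the rewritten /trackback/ endpoint, and flags any source IP that exceeds a burst threshold inside a sliding window. The sample log, the documentation-range IP addresses, and the threshold and window values are all constructed assumptions for the example; the plugin's charset-length check still has to run server-side, since POST bodies never reach the access log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format, the shape of the lines quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (assumption): two normal trackback round-trips and
# one burst of direct hits on the script name from a single source.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Oct/2009:10:43:18 -0400] "HEAD /example-url HTTP/1.0" 200 - "-" "WordPress/; http://www.example.com"
198.51.100.7 - - [20/Oct/2009:10:43:18 -0400] "POST /xmlrpc.php HTTP/1.0" 200 297 "-" "The Incutio XML-RPC PHP Library -- WordPress/"
203.0.113.9 - - [20/Oct/2009:10:50:01 -0400] "POST /wp-trackback.php?p=1 HTTP/1.0" 200 12 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Oct/2009:10:50:02 -0400] "POST /wp-trackback.php?p=1 HTTP/1.0" 200 12 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Oct/2009:10:50:03 -0400] "POST /wp-trackback.php?p=1 HTTP/1.0" 200 12 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Oct/2009:10:50:04 -0400] "POST /wp-trackback.php?p=1 HTTP/1.0" 200 12 "-" "Mozilla/5.0"
192.0.2.44 - - [20/Oct/2009:10:55:10 -0400] "POST /2009/10/some-post/trackback/ HTTP/1.0" 200 120 "-" "WordPress/"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["path"] = entry["path"].split("?", 1)[0]  # drop the query string
    return entry


def is_direct_trackback(entry):
    """True when the script was requested by name rather than via a /trackback/ rewrite."""
    return entry["path"].endswith("/wp-trackback.php")


def is_pretty_trackback(entry):
    """True for the pretty-permalink endpoint that legitimate trackbacks use."""
    return entry["path"].rstrip("/").endswith("/trackback")


def direct_trackback_hits(lines):
    """Return the parsed entries that hit wp-trackback.php directly."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and is_direct_trackback(entry):
            hits.append(entry)
    return hits


def flag_sources(lines, threshold=3, window=timedelta(seconds=60)):
    """Map IP -> peak count for sources with more than `threshold` direct hits
    inside any `window`-long span (threshold and window are assumed values)."""
    by_ip = defaultdict(list)
    for entry in direct_trackback_hits(lines):
        by_ip[entry["ip"]].append(entry["ts"])

    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits within `window`.
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("direct wp-trackback.php hits:", len(direct_trackback_hits(lines)))
    print("pretty /trackback/ hits:",
          sum(1 for l in lines if (e := parse_line(l)) and is_pretty_trackback(e)))
    print("flagged sources:", flag_sources(lines))
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; the flagged map is what you would feed into a firewall or .htaccess deny rule. Sites that do not use pretty permalinks will see legitimate trackbacks on wp-trackback.php itself, so for those the burst threshold, not the bare path match, is the useful signal.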