
WP Trackback Spam Attack

They say that the more popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the WP Trackback Spam flooding.

The attack is simple yet effective — flood wp-trackback.php with HTTP requests. It’s like a DDoS actually. There could be several ways to do this:

  • Software-driven. I’ve seen some software that can make 1,000 simultaneous HTTP requests to a site or specific webpage.
  • Code embed. Add the target page (in this case, wp-trackback.php) into a popular page or site which requests it on every page load. Replicate that on many other high-traffic sites and voilà, instant slashdot effect.
  • Bots. Similar to a GoogleBot or Yahoo! Metacrawler, but this type has malicious intent and only goes after a specific page — wp-trackback.php.

It’s hard really. Took me about 6 hours monitoring one of our servers where a blog was attacked. The attack would seem like a Digg-effect or a slashdot effect. However, any anti-Digg solutions would not work — even WP-SuperCache could not fend it off. Then it struck me, maybe the page is not being cached.

A check with the analytics showed this:

[Image: wordpress trackback]

WP-Shortstats was tracking it. Thousands of trackback requests for almost all pages in the blog in a matter of hours.

What made it worse is that the wp-shortstats plugin is also recording this — meaning for each page request, there’s a corresponding SQL query executed by Shortstats that’s aggravating the situation.

The result — slow, crawling blog; eventually, an overloaded or crashed server.

The solution? Deactivating trackbacks won’t help. You need to delete wp-trackback.php or CHMOD it to 000. If you can identify the attacking IP, block it too.

Your blog won’t be able to send/receive legit trackbacks but it’s the only solution for now.
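One way to confirm the flood and identify the IPs to block is to read the web server's access log directly. The script below is an added example, not part of the original post. It assumes the Apache/Nginx combined log format; the function name, the `min_hits` threshold, the `/trackback/` permalink pattern and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# wp-trackback.php is the file named in the post; /trackback/ is the assumed permalink form.
TRACKBACK_RE = re.compile(r'(/wp-trackback\.php|/trackback/?)(\?|$)')

def trackback_report(lines, min_hits=3):
    """Return (share, offenders): the fraction of all parsed requests that hit
    the trackback endpoint, and (ip, hits, distinct_urls) for every IP with at
    least min_hits trackback requests, busiest first."""
    total = 0
    hits = Counter()
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort mid-incident
        total += 1
        ip, _ts, _method, path, _status = m.groups()
        if TRACKBACK_RE.search(path):
            hits[ip] += 1
            targets[ip].add(path)  # many distinct posts from one IP suggests a sweep
    share = sum(hits.values()) / total if total else 0.0
    offenders = [(ip, n, len(targets[ip]))
                 for ip, n in hits.most_common() if n >= min_hits]
    return share, offenders

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:21:00:01 +0800] "POST /wp-trackback.php?p=101 HTTP/1.1" 200 78 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:21:00:01 +0800] "POST /wp-trackback.php?p=102 HTTP/1.1" 200 78 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:21:00:02 +0800] "POST /wp-trackback.php?p=103 HTTP/1.1" 200 78 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:21:00:02 +0800] "POST /2024/01/some-post/trackback/ HTTP/1.1" 200 78 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:21:00:03 +0800] "GET /2024/01/some-post/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.21 - - [01/Jan/2024:21:00:04 +0800] "POST /wp-trackback.php?p=101 HTTP/1.1" 200 78 "-" "-"',
    '198.51.100.22 - - "GET / HTTP/1.1" 200 truncated-line',
    '192.0.2.5 - - [01/Jan/2024:21:00:05 +0800] "GET /feed/ HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    share, offenders = trackback_report(SAMPLE_LOG)
    print(f"trackback share of traffic: {share:.0%}")
    for ip, n, distinct in offenders:
        print(f"{ip}: {n} trackback requests across {distinct} URLs")
```

A trackback share far above the blog's normal level, concentrated in a few IPs that each touch many different posts, matches the pattern described above.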

Frequently Asked Questions

What is a WP Trackback Spam attack?
It floods wp-trackback.php with HTTP requests, similar to a DDOS attack.

Why did WP-SuperCache fail to stop the attack?
The trackback page was not being cached, so caching solutions could not fend it off.

How did the wp-shortstats plugin worsen the attack?
It recorded each trackback request, adding extra server load for every page request.

Written by
Abe Olandres

Editor-in-chief

Abe is the founder and Editor-in-Chief of YugaTech with over 20 years of experience in the technology industry. He is one of the pioneers of blogging in the country and is considered by many as the Father of Tech Blogging in the Philippines.

29 Comments

Bernhard · 17 years ago

After using WP-reCAPTCHA I’ve minimized the numbers of SPAM. Still remaining trackbacks – sometimes hundreds per day.

Deleting those trackbacks could be simple. But you have to differentiate: there are trackbacks coming from websites you would like to discuss with, there are trackbacks from pharmacy and sex you begin to hate.

I would like to know a tool you add the IP address and a trackback of this IP will no longer be shown.


Showbiz Intriga? Get It From Boy! · 18 years ago

OMG! I believe this is the culprit, that’s why last month my host server crashed several times, and my blog too..

CHMOD to 000? Is it just like deleting the wp.trackback thing??


SELaplana · 18 years ago

I don’t know if my selaplana.com experienced this. I tried to investigate, but I don’t know yet how to tell if the blog has been attacked by this kind.


ash · 18 years ago

oh!.. still great it’s fixed… thanks.


Abe Olandres Editor-in-chief · 18 years ago

@ash, that’s the only way I was able to detect the attack. caused the server to slow down and crash at times. Looks like your blog is on that server too.


ash · 18 years ago

Wait. How would I be certain that I am being attacked? Is it when I see the wp-trackback.php on the analytics?

I noticed some slowdown and database error yesterday on my blogs…


Dark Knight · 18 years ago

I can’t believe people are doing this to my blog. Tsk. Tsk.

:)
Dark Knight
BlueMumble

