YugaTech | Philippines, Technology News & Reviews

WP Trackback Spam Attack

They say that the more popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the WP Trackback Spam flooding.

The attack is simple yet effective: flood wp-trackback.php with HTTP requests. In effect it is a DDoS. There are several ways this could be done:

  • Software-driven. I’ve seen software that can fire 1,000 simultaneous HTTP requests at a site or a specific page.
  • Code embed. Embed the target page (in this case, wp-trackback.php) in a popular page or site so that it is requested on every page load. Replicate that on many other high-traffic sites and voilà, instant slashdot effect.
  • Bots. Similar to GoogleBot or Yahoo! Metacrawler, but this type has malicious intent and only goes after a specific page: wp-trackback.php.

It’s hard to pin down, really. It took me about 6 hours of monitoring one of our servers where a blog was under attack. The attack looks like a Digg effect or a slashdot effect. However, the usual anti-Digg solutions won’t work; even WP-SuperCache could not fend it off. Then it struck me: maybe the page is not being cached.

A check with the analytics showed this:

[Image: WP-Shortstats analytics screenshot showing the wordpress trackback requests]

WP-Shortstats was tracking it. Thousands of trackback requests for almost all pages in the blog in a matter of hours.

What made it worse is that the wp-shortstats plugin was also recording this: for each page request, Shortstats executes a corresponding SQL query, which aggravates the situation.

The result — slow, crawling blog; eventually, an overloaded or crashed server.

The solution? Deactivating trackbacks won’t help. You need to delete wp-trackback.php or CHMOD it to 000. If you can identify the source IPs, block them too.

Your blog won’t be able to send/receive legit trackbacks but it’s the only solution for now.
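Both the "identify the IP, block them" advice above and the question of how you would even know you are being flooded come down to the web server's access log. As an added example that is not from the article or from WordPress, this Python script buckets wp-trackback.php hits per source IP per minute, flags sources whose busiest minute exceeds a threshold (a placeholder value you would tune to your blog's normal trackback volume), and renders Apache "Deny from" lines for them; the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log line; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3} ')

def parse_line(line):
    """Return (ip, minute_bucket, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # "09/Apr/2008:03:14:01 +0800" -> "09/Apr/2008:03:14": bucket by the minute.
    minute = m.group("ts").split(" ")[0][:-3]
    return m.group("ip"), minute, m.group("path").split("?")[0]

def trackback_floods(lines, per_minute_threshold=60):
    """Count wp-trackback.php hits per source IP per minute and return {ip: peak_per_minute}
    for every IP whose busiest minute exceeds the threshold (a placeholder; tune it)."""
    per_ip_minute = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than abort mid-log
        ip, minute, path = parsed
        if path.endswith("/wp-trackback.php"):
            per_ip_minute[(ip, minute)] += 1
    peaks = {}
    for (ip, _minute), count in per_ip_minute.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return {ip: peak for ip, peak in peaks.items() if peak > per_minute_threshold}

def deny_rules(ips):
    """Render Apache 2.2-style 'Deny from' lines for the flagged IPs, ready for .htaccess."""
    return "\n".join("Deny from %s" % ip for ip in sorted(ips))

# Constructed sample log (not from the article): 203.0.113.5 posts 8 trackbacks inside one
# minute; 198.51.100.7 is a normal reader who sends a single legitimate trackback.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Apr/2008:03:14:%02d +0800] "POST /wp-trackback.php?p=%d HTTP/1.1" 200 312 "-" "Mozilla/4.0"' % (s, 1000 + s)
    for s in range(8)
] + [
    '198.51.100.7 - - [09/Apr/2008:03:14:05 +0800] "GET /2008/04/wp-trackback-spam-attack/ HTTP/1.1" 200 18233 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Apr/2008:03:14:20 +0800] "POST /wp-trackback.php?p=1182 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    flagged = trackback_floods(SAMPLE_LOG, per_minute_threshold=5)
    print(flagged)  # {'203.0.113.5': 8}
```

Against a real log you would feed `open("/path/to/access_log")` to `trackback_floods` and paste the `deny_rules` output into the blog's .htaccess; a reader who sends one or two trackbacks a minute never reaches a sane threshold.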

    13 Responses to “WP Trackback Spam Attack”


    1. Dark Knight replied on Apr 9th, 2008 at 11:15 am

      I can’t believe people are doing this to my blog. Tsk. Tsk.

      :)
      Dark Knight
      BlueMumble

    2. ash replied on Apr 9th, 2008 at 12:16 pm

      wait. how would I be certain that I am being attacked? is it when I see the wp-trackback.php on the analytics?

      I noticed some slowdown and database error yesterday on my blogs…

    3. yuga replied on Apr 9th, 2008 at 3:43 pm

      @ash, that’s the only way I was able to detect the attack. It caused the server to slow down and crash at times. Looks like your blog is on that server too.

    4. ash replied on Apr 10th, 2008 at 8:41 am

      oh!.. still great it’s fixed… thanks.

    5. SELaplana replied on Apr 10th, 2008 at 3:33 pm

      i don’t know if my selaplana.com experiences this. i tried to investigate but i don’t know yet how to know if the blog has been attacked by this kind.

    6. Showbiz Intriga? Get It From Boy! replied on Apr 14th, 2008 at 10:36 pm

      OMG! i believe this is the culprit, that’s why last month my host server crashed several times and my blog too..

      CHMOD to 000? is it just like deleting the wp-trackback thing??

    7. olga replied on Sep 14th, 2008 at 11:08 am

      Good 235rter2rwer23r

    8. mike replied on Jan 18th, 2009 at 4:15 pm

      Xeto6s hi! how you doin?

    9. maxmud replied on Mar 18th, 2009 at 6:24 am

    10. netsearchworld.com replied on May 26th, 2009 at 7:52 am

      And who does not wish to pay for a hosting, is urgent here – the best free web hosting!

    11. Bernhard replied on Sep 17th, 2009 at 3:06 pm

      After using WP-reCAPTCHA I’ve minimized the number of SPAM. Still remaining trackbacks – sometimes hundreds per day.

      Deleting those trackbacks could be simple. But you have to differentiate: there are trackbacks coming from websites you would like to discuss with, there are trackbacks from pharmacy and sex you begin to hate.

      I would like to know of a tool where you add the IP address and a trackback from this IP will no longer be shown.
