YugaTech | Philippines, Technology News & Reviews

Philippines, Technology News & Reviews


WP Trackback Spam Attack

Published by: yuga under: Wordpress.

posted: April 9th, 2008

They say that the more popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the WP Trackback Spam flooding.

The attack is simple yet effective — flood wp-trackback.php with HTTP requests. It’s like a DDOS actually. There could be several ways to do this:

  • Software-driven. I’ve seen some softwares that can do 1,000 HTTP simultaneous requests to a site or specific webpage.
  • Code embed. Add the target page (in this case, wp-trackback.php) into a popular page or site which requests for it at every page load. Replicate that on many other high-traffic sites and viola, instant slashdot effect.
  • Bots. Similar to a GoogleBot or Yahoo! Metacrawler but these type have malicious intent only goes after a specific page — wp-trackback.php.

It’s hard really. Took me about 6 hours monitoring one of our servers where a blog was attacked. The attack would seem like a Digg-effect or a slashdot effect. However, any anti-Digg solutions would not work — even WP-SuperCache could not fend it off. Then it struck me, maybe the page is not being cached.

A check with the analytics showed this:

wordpress trackback

WP-Shortstats was tracking it. Thousands of trackback requests for almost all pages in the blog in a matter of hours.

What made it worse is that the wp-shortstats plugin is also recording this — meaning for each page request, there’s a corresponding SQL query executed by Shortstats that’s aggravating the situation.

The result — slow, crawling blog; eventually, an overloaded or crashed server.

The solution? Deactivating trackbacks won’t help. You need to delete wp-trackback.php or CHMOD it to 000. If you can identify the IP, block them too.

Your blog won’t be able to send/receive legit trackbacks but it’s the only solution for now.

permalink

Enter your email address:

Related Entries:


8 Responses to “WP Trackback Spam Attack”

Feed for this Entry / Trackback Address

  1. Gravatar Icon Dark Knight replied on Apr 9th, 2008 at 11:15 am (1)

    I can’t believe people are doing this to my blog. Tsk. Tsk.

    :)
    Dark Knight
    BlueMumble

  2. Gravatar Icon ash replied on Apr 9th, 2008 at 12:16 pm (2)

    wait. how would I be certain that I am being attacked? is it when I see the wp-trackback.php on the anlytics?

    I noticed some slowdown and database error yesterday on my blogs…

  3. Gravatar Icon yuga replied on Apr 9th, 2008 at 3:43 pm (3)

    @ash, that’s the only way I was able to detect the attack. caused the server to slow down and crash at times. Looks like your blog is on that server too.

  4. Gravatar Icon ash replied on Apr 10th, 2008 at 8:41 am (4)

    oh!.. still great it’s fixed… thanks.

  5. Gravatar Icon SELaplana replied on Apr 10th, 2008 at 3:33 pm (5)

    i don’t know if my selaplana.com experience this. i tried to investigate but i don’t know yet how to know if the blog has been attacked by this kind.

  6. Gravatar Icon Showbiz Intriga? Get It From Boy! replied on Apr 14th, 2008 at 10:36 pm (6)

    OMG! i believe this is culprit, that’s why last month my host server to crash several times and my blog too..

    CHMOD to 000?is it just like deleting the wp.trackback thing??

  7. Gravatar Icon olga replied on Sep 14th, 2008 at 11:08 am (7)

    Good 235rter2rwer23r

Leave a Reply

« Pizza.com sold for $2.6 Million
Video Hosting on Flickr »
Technology & Computers - Top Blogs Philippines hit counter
Find Job Agencies Orlando Now!