They say that the more popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the WP Trackback Spam flooding.
The attack is simple yet effective — flood wp-trackback.php with HTTP requests. It’s like a DDOS actually. There could be several ways to do this:
- Software-driven. I’ve seen some softwares that can do 1,000 HTTP simultaneous requests to a site or specific webpage.
- Code embed. Add the target page (in this case, wp-trackback.php) into a popular page or site which requests for it at every page load. Replicate that on many other high-traffic sites and viola, instant slashdot effect.
- Bots. Similar to a GoogleBot or Yahoo! Metacrawler but these type have malicious intent only goes after a specific page — wp-trackback.php.
It’s hard really. Took me about 6 hours monitoring one of our servers where a blog was attacked. The attack would seem like a Digg-effect or a slashdot effect. However, any anti-Digg solutions would not work — even WP-SuperCache could not fend it off. Then it struck me, maybe the page is not being cached.
A check with the analytics showed this:
WP-Shortstats was tracking it. Thousands of trackback requests for almost all pages in the blog in a matter of hours.
What made it worse is that the wp-shortstats plugin is also recording this — meaning for each page request, there’s a corresponding SQL query executed by Shortstats that’s aggravating the situation.
The result — slow, crawling blog; eventually, an overloaded or crashed server.
The solution? Deactivating trackbacks won’t help. You need to delete wp-trackback.php or CHMOD it to 000. If you can identify the IP, block them too.
Your blog won’t be able to send/receive legit trackbacks but it’s the only solution for now.
I can’t believe people are doing this to my blog. Tsk. Tsk.
:)
Dark Knight
BlueMumble
wait. how would I be certain that I am being attacked? is it when I see the wp-trackback.php on the anlytics?
I noticed some slowdown and database error yesterday on my blogs…
@ash, that’s the only way I was able to detect the attack. caused the server to slow down and crash at times. Looks like your blog is on that server too.
oh!.. still great it’s fixed… thanks.
i don’t know if my selaplana.com experience this. i tried to investigate but i don’t know yet how to know if the blog has been attacked by this kind.
Twitter: getitfromboy
says:
OMG! i believe this is culprit, that’s why last month my host server to crash several times and my blog too..
CHMOD to 000?is it just like deleting the wp.trackback thing??
[...] WP Trackback Spam Attack | YugaTech | Philippines, Technology News … [...]
Good 235rter2rwer23r
Xeto6s hi! how you doin?
aSvUJA i just whant to say
http://trustedsitelist.com/search.php?q=v-seo-deneg-net
[...] WP Trackback Spam Attack | YugaTech | Philippines, Technology News … [...]
And who does not wish to pay for a hosting, is urgent here – the best free web hosting!
After using WP-reCAPTCHA I’ve minized the numbers of SPAM. Still remaining trackbacks – sometimes hundreds per day.
Deleting those trackbacks could be simple. But you have to differentiate: there are trackbacks coming form websides you would like to discuss with, there are trackbacks from pharmacy and sex you begin to hate.
I would like to know a tool you add the IP address and a trackback of this IP will no longer be shown.
As we all know, looks can be deceiving, so I decided
to try out the question tool for myself. ”. You can then take a hard look at the companies that come up for that particular keyword.
Naturally, they will flock to your competitor who does.
Thus, in minimum cost, you get an opportunity to increase your site ranking on Search Engine Result Page (SERP).
The major preference is for offshore SEO companies as they offer SEO at the most competitive
prices. Pages and articles are very different, as far as Joomla is concerned.
Lastly, make sure that you have a reliable work-at-home office.
Configure You – Tube settings by changing the default settings to your preferred and secure preferences.
What are the advantages of article submission. organic
search, frequency of blog posts, frequency of on-page optimization, the relative importance of links,
the use of social media, the best way to measure results, etc.
If your website deals with certain products or services, then
conduct a proper research on these and then form your SEO content.
‘ Every page should be optimized with additional keywords. No – you name some of your images “breast. In this article, I will show you the best Word – Press SEO plugins you need to use in order to boost your search engine rankings and get more traffic to your blog. A well-formed internal linking structure and good sitemap can ensure all pages of a website being indexed by a search engine. 4) Managing your online business. When a person enters a keyword into the search box of a particular search engine such as Google, there will be scores of results showing out which are a result of a search engine algorithm devised by that particular search engine. A good web solutions company will always provide you realistic time frame for the results to show up. November 2012.
That is a very good tip particularly to those fresh to the blogosphere.
Simple but very accurate information… Thanks for sharing this one.
A must read article!
Everything becomes less clear when you enter grey hat territory.
an enquiry engine may be a database of internet sites.
But it is extremely important that anyone looking to hire an SEO professional be aware of the differences.
Great items from you, man. I’ve understand your stuff prior to and you’re just extremely wonderful.
I actually like what you have bought here, certainly like what you are saying and the best way
in which you say it. You are making it entertaining and you continue to take care of to stay it sensible.
I can’t wait to learn much more from you. This is actually a terrific web site.
My brother suggested I may like this blog. He used to be entirely right.
This publish actually made my day. You can not believe simply how
a lot time I had spent for this information! Thanks!