They say that the more popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the WP Trackback Spam flooding.
The attack is simple yet effective — flood wp-trackback.php with HTTP requests. It’s like a DDOS actually. There could be several ways to do this:
- Software-driven. I’ve seen some softwares that can do 1,000 HTTP simultaneous requests to a site or specific webpage.
- Code embed. Add the target page (in this case, wp-trackback.php) into a popular page or site which requests for it at every page load. Replicate that on many other high-traffic sites and viola, instant slashdot effect.
- Bots. Similar to a GoogleBot or Yahoo! Metacrawler but these type have malicious intent only goes after a specific page — wp-trackback.php.
It’s hard really. Took me about 6 hours monitoring one of our servers where a blog was attacked. The attack would seem like a Digg-effect or a slashdot effect. However, any anti-Digg solutions would not work — even WP-SuperCache could not fend it off. Then it struck me, maybe the page is not being cached.
A check with the analytics showed this:
WP-Shortstats was tracking it. Thousands of trackback requests for almost all pages in the blog in a matter of hours.
What made it worse is that the wp-shortstats plugin is also recording this — meaning for each page request, there’s a corresponding SQL query executed by Shortstats that’s aggravating the situation.
The result — slow, crawling blog; eventually, an overloaded or crashed server.
The solution? Deactivating trackbacks won’t help. You need to delete wp-trackback.php or CHMOD it to 000. If you can identify the IP, block them too.
Your blog won’t be able to send/receive legit trackbacks but it’s the only solution for now.
Hi there, I would like to subscribe for this weblog to take
most up-to-date updates, therefore where can i do it please assist.
Bekins Moving Company is prepared to offer a host of moving
services for any need that you might have. The services provided by a
Moving Company – A moving company helps companies and folks to relocate
their items from a single spot to an additional whether in the identical town or a
single town to one more. Get help from your pals who’ve
by now hired the movers.
It is truly a great and useful piece of info.
I’m happy that you shared this useful info with us. Please keep us informed like this.
Thank you for sharing.
Thanks for your marvelous posting! I seriously enjoyed reading it, you happen to be a great author.
I will make sure to bookmark your blog and definitely will
come back at some point. I want to encourage you to definitely continue your great writing,
have a nice morning!
Clean and Sand – When the perfect day arrives, you will need to remove any hardware
you do not want painted and clean your laminate furniture off with TSP and a rag.
Sauder wood panels are laminated to give the product a strong, wooden appearance.
It definitely helps us to remain in close
contact with nature while enjoying the scenic splendor.
I adore you for gathering useful info, this post has given me
a lot more info!
Un gros remerciement au créateur du site internet
Hi there everyone, it’s my first visit at this site, and piece
of writing is actually fruitful for me, keep up posting these posts.
Awesome issues here. I’m very happy to peer your article.
Thanks a lot and I’m taking a look forward to contact you.
Will you kindly drop me a mail?