Quick Fix for WordPress Trackback DoS Exploit

Tripawds is a user-supported community. Thank you for your support!

One thing about the WordPress development community is that they are on top of things when it comes to potential exploits of the system. Just this morning there were numerous reports of Denial of Service (DoS) attacks upon hosted WordPress websites and WPMU blog communities, like this one. Steve Fortuna quickly posted a fix. Within minutes I found the detailed WordPress DoS Attack Script Solutions described in the HashBangCode blog and implemented them on all our sites. The last thing we need is another mysterious server load spike bringing down the Tripawds server.

For anyone interested, and daring enough to follow my directions — note this blog’s tagline — the fix is relatively simple:

Just insert the following into your wp-trackback.php file at line 47:

    // DoS attack fix.
    if ( strlen($charset) > 50 ) {
        die;
    }

The HashBangCode blog goes one step further and recommends adding the following at line 57 (assuming you added the above already):

    // DoS attack fix.
    if ( strlen($title) > 200 ) {
        die;
    }

For those who may be uncomfortable with editing core files, this plugin stops WordPress trackback DoS attacks.
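
An added example, not from the original post or the HashBangCode blog: a small Python check that reports which of the two guards above are missing from a copy of wp-trackback.php. It is worth running after upgrades, because a hand edit to a core file is replaced when WordPress overwrites that file. The sample PHP strings are constructed stand-ins and the function names are this example's own.

```python
import re
import sys

# Limits taken from the two guards in the post.
GUARDS = {"charset": 50, "title": 200}

def strip_comments(php):
    """Remove /* */ and // comments so a commented-out guard is not counted."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"//[^\n]*", "", php)

def missing_guards(php_source):
    """Return the fields whose length guard is absent or looser than the post's."""
    code = strip_comments(php_source)
    missing = []
    for var, limit in GUARDS.items():
        pattern = re.compile(
            r"if\s*\(\s*strlen\(\s*\$%s\s*\)\s*>\s*(\d+)\s*\)\s*\{?\s*(?:die|exit)\b" % var
        )
        if not any(int(m.group(1)) <= limit for m in pattern.finditer(code)):
            missing.append(var)
    return missing

# Constructed stand-in for the patched region of wp-trackback.php (not the real file).
PATCHED = """
// DoS attack fix.
if ( strlen($charset) > 50 ) {
die;
}
// DoS attack fix.
if ( strlen($title) > 200 ) {
die;
}
"""
# Constructed: only the first guard applied.
PARTIAL = PATCHED.split("if ( strlen($title)")[0]
# Constructed: both guards present but commented out.
COMMENTED_OUT = re.sub(r"(?m)^(if|die|\})", r"// \1", PATCHED)

if __name__ == "__main__":
    # Pass paths to wp-trackback.php copies; with no arguments, check the samples.
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                print(path, "missing:", missing_guards(fh.read()) or "none")
    else:
        for name, src in [("patched", PATCHED), ("partial", PARTIAL), ("commented", COMMENTED_OUT)]:
            print(name, "missing:", missing_guards(src) or "none")
```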

I understand this all may mean absolutely nothing to Tripawds Bloggers, except to know that we too are on top of things when it comes to keeping Tripawds Blogs Community up and running. But I figure the faster news of fixes like this can be spread, the more likely we are to stop spammers and hackers in their tracks.


Many thanks to drmike for first bringing this to my attention in the WPMU DEV Premium discussion forums. Yet another reason we are happy with our WPMU DEV Premium membership!



I am impressed. And relieved.


WordPress makes importing blogs simple. Now, this may not be specific to MU, in fact it isn’t. But after burying myself in database dumps far too deep for my liking while migrating Jerry’s original blog to this new Tripawds Blogs community, I was prepared for the worst when users asked about importing existing Blogger blogs to Tripawds.

I knew importing posts and comments would be no problem. But I assumed all images would need to be downloaded and provided to us so we could upload them to the user account here. Then, I figured I would need to export database tables for the new imported blog and search/replace image URLs to point to the proper /blogs.dir/files/ directory. After all, that’s how I had to make images display after finding this helpful post about migrating from WordPress to WordPress MU.

But you can forget all that. After playing around in my new sandbox, I discovered that image URLs from Blogger posts are absolute and migrate absolutely. I created a test blog on Blogger, then ran the import from my Tripawds blog, and voila! Images displayed just fine. As long as the Blogger (or other blog platform) account remains active, with the hosted image files in place, everything should be just fine. And better yet … no upload space quota is used by those images hosted at Blogger.

The only drawback I noticed was that post labels get imported as categories, instead of tags. But then I bet the WordPress Categories and Tags Converter tool does just that, just as well. It’s amazing what you can learn by actually doing something.

How did we do it?

Migrating Jerry’s regular ol’ WordPress blog to WordPress MU was no easy task. In fact, it was downright nerve-wracking at times. But one look at the growing community of Tripawds Bloggers makes it all worthwhile. Knowing that pawrents are using their Tripawds Blogs to share their stories and photos is heartwarming. And knowing they find it helpful and cathartic when coping with cancer or amputation for their pup is even better.

It is WPMU that makes the Tripawds Blogs community possible. And I couldn’t have developed this site without the help of many thoughtful experts in the WordPress MU support forums.

But it was our WPMU DEV Premium membership that really helped make it what it is.

Thanks to the premium wpmu plugins and support, we are able to offer all the functionality Tripawds blogs have to offer. This is also how we are able to offer WordPress tutorial videos to help users get started blogging.

Now if only we could figure out a way for this to pay for all our efforts! 😉 But that’s why we have banner ads on blogs and why we implemented Tripawds Supporters to automatically remove those ads upon upgrade. It’s also why we’ll most likely need to have annual fund raising campaigns and why we kindly accept any contributions. Thank you all for your continued support!

But I digress. This particular Tripawds Blog is intended purely for my own technical purposes. I’ll periodically share details about what’s going on behind the scenes here, or simply test new plugins and themes. So don’t expect frequent updates, and I won’t expect anyone to really care what I have to say here. :p