Quick Fix for WordPress Trackback DoS Exploit


One thing about the WordPress development community is that they are on top of things when it comes to potential exploits of the system. Just this morning there were numerous reports of Denial of Service (DoS) attacks on hosted WordPress websites and WPMU blog communities like this one. Steve Fortuna quickly posted a fix. Within minutes I found the detailed WordPress DoS Attack Script Solutions described in the HashBangCode blog and implemented them on all our sites. The last thing we need is another mysterious server load spike bringing down the Tripawds server.

For anyone interested, and daring enough to follow my directions — note this blog’s tagline — the fix is relatively simple:

Just insert the following into your wp-trackback.php file at line 47:

// DoS attack fix.
if ( strlen($charset) > 50 ) {
    die;
}

The HashBangCode blog goes one step further and recommends adding the following at line 57 (assuming you added the above already):

// DoS attack fix.
if ( strlen($title) > 200 ) {
    die;
}

For those who may be uncomfortable with editing core files, this plugin stops WordPress trackback DoS attacks.
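Because the fix above is a hand edit to a core file, a WordPress upgrade that replaces wp-trackback.php removes it without warning. The script below is an added example, not code from this post or from HashBangCode: it checks one or more installs for the two length guards shown above. The function names guard_state and audit_roots, and the convention of passing WordPress root directories as arguments, are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit WordPress installs for the wp-trackback.php length guards.
# Assumption: each argument is a WordPress root directory holding wp-trackback.php.

# Print the state of one wp-trackback.php file:
#   patched - both the $charset and the $title length checks are present
#   partial - only the $charset check is present
#   missing - no $charset check (never patched, or overwritten by an upgrade)
#   absent  - the file does not exist
guard_state() {
    local file="$1"
    [ -f "$file" ] || { echo absent; return; }
    # Match "strlen($name) > <number>" with flexible whitespace.
    local charset_re='strlen\([[:space:]]*\$charset[[:space:]]*\)[[:space:]]*>[[:space:]]*[0-9]+'
    local title_re='strlen\([[:space:]]*\$title[[:space:]]*\)[[:space:]]*>[[:space:]]*[0-9]+'
    if ! grep -Eq "$charset_re" "$file"; then
        echo missing
    elif grep -Eq "$title_re" "$file"; then
        echo patched
    else
        echo partial
    fi
}

# Report every root given; return non-zero if any is not fully patched,
# so the script can be run from cron after upgrades.
audit_roots() {
    local rc=0 root state
    for root in "$@"; do
        state=$(guard_state "$root/wp-trackback.php")
        printf '%-8s %s\n' "$state" "$root"
        [ "$state" = patched ] || rc=1
    done
    return $rc
}

# When called with arguments, audit those directories.
if [ "$#" -gt 0 ]; then
    audit_roots "$@"
fi
```

The check looks only for the guards as written in this post, so a file that limits these fields in some other way is still reported as missing.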

I understand this all may mean absolutely nothing to Tripawds Bloggers, except to know that we too are on top of things when it comes to keeping the Tripawds Blogs Community up and running. But I figure the faster news of fixes like this can be spread, the more likely we are to stop spammers and hackers in their tracks.


Many thanks to drmike for first bringing this to my attention in the WPMU DEV Premium discussion forums. Yet another reason we are happy with our WPMU DEV Premium membership!



Published by

admin

I will always miss Jerry. Readers may notice I write in the plural "We" since he is always at my side in Spirit when moderating these blogs and forums. Learn more about Jerry and how Tripawds came to be at http://tripawds.com/2010/05/11/jerrys-story-how-tripawds-came-to-be/
