TRIPAWDS: Home to 25112 Members and 2177 Blogs.

Quick Fix for WordPress Trackback DoS Exploit

One thing about the WordPress development community is that they are on top of things when it comes to potential exploits of the system. Just this morning there were numerous reports of Denial of Service (DoS) attacks upon hosted WordPress websites and WPMU blog communities, like this one. Steve Fortuna quickly posted a fix. Within minutes I found the detailed WordPress DoS Attack Script Solutions described in the HashBangCode blog and implemented them on all our sites. The last thing we need is another mysterious server load spike bringing down the Tripawds server.

For anyone interested, and daring enough to follow my directions — note this blog’s tagline — the fix is relatively simple:

Just insert the following to your wp-trackback.php file at line 47:

// DoS attack fix.
if ( strlen($charset) > 50 ) {
    die;
}

The HashBangCode blog goes one step further and recommends adding the following at line 57 (assuming you added the above already):

// DoS attack fix.
if ( strlen($title) > 200 ) {
    die;
}

For those who may be uncomfortable with editing core files, this plugin stops WordPress trackback DoS attacks.
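If you applied the edit by hand across several installs, the following added example (not code from this blog, HashBangCode, or WordPress) reports which `wp-trackback.php` copies under a directory tree contain the two `strlen` guards quoted above. The function names `has_guard`, `audit_trackback` and `count_unpatched` are hypothetical, and the check is a text match only, so a commented-out guard would still count as present.

```shell
#!/bin/sh
# Added example: audit wp-trackback.php copies for the two length guards
# quoted in this post. Text match only; it does not execute any PHP.

# has_guard FILE VAR: succeeds if FILE contains "strlen($VAR) >"
# (tolerates extra spaces inside and after the parentheses).
has_guard() {
    grep -Eq "strlen\([[:space:]]*\\\$$2[[:space:]]*\)[[:space:]]*>" "$1"
}

# audit_trackback ROOT: print one line per wp-trackback.php found under ROOT:
#   PATCHED <path>   both the $charset and $title guards are present
#   PARTIAL <path>   only the $charset guard is present
#   MISSING <path>   the $charset guard is absent
audit_trackback() {
    find "$1" -type f -name wp-trackback.php | sort | while IFS= read -r f; do
        if has_guard "$f" charset; then
            if has_guard "$f" title; then
                echo "PATCHED $f"
            else
                echo "PARTIAL $f"
            fi
        else
            echo "MISSING $f"
        fi
    done
}

# count_unpatched ROOT: print how many copies are not fully patched.
count_unpatched() {
    audit_trackback "$1" | grep -vc '^PATCHED ' || true
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ $# -gt 0 ]; then
    audit_trackback "$1"
fi
```

Run it again after every WordPress upgrade, since an upgrade replaces core files and any hand edit with them.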

I understand this all may mean absolutely nothing to Tripawds Bloggers, except to know that we too are on top of things when it comes to keeping Tripawds Blogs Community up and running. But I figure the faster news of fixes like this can be spread, the more likely we are to stop spammers and hackers in their tracks.


Many thanks to drmike for first bringing this to my attention in the WPMU DEV Premium discussion forums. Yet another reason we are happy with our WPMU DEV Premium membership!

New Easy Method for Embedding Videos

It came to my attention that the Unfiltered MU plugin we were using to allow Tripawds Supporters to embed YouTube movies in their blogs posed a security risk for the entire Tripawds Blogs Community. Apparently it could be used to embed rogue code for the nefarious purpose of stealing login cookies, among other things. And we don’t want any impersonated users running around here wreaking havoc. It’s not that we don’t trust our members, but we do spend an awful lot of time fighting spam blog registrations.

So, Supporters won’t find Unfiltered MU in their plugins menu anymore. But don’t worry, we’ve already implemented an even easier way to embed movies from all your favorite video sharing sites. And you no longer need to copy the entire embed code or use the HTML editor. Just visit your blog Dashboard -> Plugins -> Installed -> and Select Viper’s Video QuickTags -> then click Activate. You will then notice a new row of buttons in your Post Editor the next time you update your blog. Simply put your cursor where you want the video to appear — in a new paragraph by itself is recommended — and click the button for your video sharing website. You can then enter the view page URL and click Okay. The Viper’s Video QuickTags plugin will do the rest, inserting a quicktag where the video will appear.

A quicktag is a simple snippet of code. In this case, one that will embed a movie from the video’s view page URL entered using the embed buttons. This code will show in your post editor where the video will appear. The video will then display once the post is previewed or published.

Viper’s plugin has detailed online help on your Dashboard -> Settings -> Video Quicktags page which lets you configure preferences for all the different video sharing websites, including what buttons you want displayed in your editor, the default size of embedded videos, and much more. If you still have questions after reading the online help, or need assistance getting the plugin working, please ask in this Tech Support forum topic about how to embed videos.

Please note that all previous blog posts you may have that include an embedded Flash object, like a YouTube or MySpace video, will continue to display the video just fine. That is, until you edit the post! Editing any existing post will strip out the object embed code. You would then need to re-embed the video using the new, easier Quicktags method.

Embedding videos in blog posts is just one of the many enhanced features available to Tripawds Supporter Blogs, made possible with the WPMU Dev Premium Supporter plugin. More details about that coming soon, like how it lets us automatically remove banner ads from Supporter blogs upon upgrade. Any Tripawds Blog can be upgraded via PayPal subscription by visiting your blog Dashboard -> Supporter Tab. Thank you for your continued Support.

I am impressed. And relieved.

WordPress makes importing blogs simple. Now, this may not be specific to MU, in fact it isn’t. But after burying myself in database dumps far too deep for my liking while migrating Jerry’s original blog to this new Tripawds Blogs community, I was prepared for the worst when users asked about importing existing Blogger blogs to Tripawds.

I knew importing posts and comments would be no problem. But I assumed all images would need to be downloaded and provided to us so we could upload them to the user account here. Then, I figured I would need to export database tables for the new imported blog and search/replace image URLs to point to the proper /blogs.dir/files/ directory. After all, that’s how I had to make images display after finding this helpful post about migrating from WordPress to WordPress MU.

But you can forget all that. After playing around in my new sandbox, I discovered that image URLs from Blogger posts are absolute and migrate absolutely. I created a test blog on Blogger, then ran the import from my Tripawds blog, and voila! Images displayed just fine. As long as the Blogger (or other blog platform) account remains active, with the hosted image files in place, everything should be just fine. And better yet … no upload space quota is used by those images hosted at Blogger.

The only drawback I noticed was that post labels get imported as categories, instead of tags. But then I bet the WordPress Categories and Tags Converter tool does just that, just as well. It’s amazing what you can learn by actually doing something.

How did we do it?

Migrating Jerry’s regular ol’ WordPress blog to WordPress MU was no easy task. In fact, it was downright nerve-wracking at times. But one look at the growing community of Tripawds Bloggers makes it all worthwhile. Knowing that pawrents are using their Tripawds Blogs to share their stories and photos is heartwarming. And knowing they find it helpful and cathartic when coping with cancer or amputation for their pup is even better.

It is WPMU that makes the Tripawds Blogs community possible. And I couldn’t have developed this site without the help of many thoughtful experts in the WordPress MU support forums.

But it was our WPMU DEV Premium membership that really helped make it what it is.

Thanks to the premium wpmu plugins and support, we are able to offer all the functionality Tripawds blogs have to offer. This is also how we are able to offer WordPress tutorial videos to help users get started blogging.

Now if only we could figure out a way for this to pay for all our efforts! 😉 But that’s why we have banner ads on blogs and why we implemented Tripawds Supporters to automatically remove those ads upon upgrade. It’s also why we’ll most likely need to have annual fund raising campaigns and why we kindly accept any contributions. Thank you all for your continued support!

But I digress. This particular Tripawds Blog is intended purely for my own technical purposes. I’ll periodically share details about what’s going on behind the scenes here, or simply test new plugins and themes. So don’t expect frequent updates, and I won’t expect anyone to really care what I have to say here. :p

Behind the Scenes is brought to you by Tripawds.