One thing about the WordPress development community is that they are on top of things when it comes to potential exploits of the system. Just this morning there were numerous reports of Denial of Service (DoS) attacks on hosted WordPress websites and WPMU blog communities, like this one. Steve Fortuna quickly posted a fix. Within minutes I found the detailed WordPress DoS Attack Script Solutions described in the HashBangCode blog and implemented them on all our sites. The last thing we need is another mysterious server load spike bringing down the Tripawds server.
For anyone interested, and daring enough to follow my directions — note this blog’s tagline — the fix is relatively simple:
Just insert the following into your wp-trackback.php file at line 47:

    // DoS attack fix.
    if ( strlen($charset) > 50 ) {
        die;
    }

The HashBangCode blog goes one step further and recommends adding the following at line 57 (assuming you added the above already):

    // DoS attack fix.
    if ( strlen($title) > 200 ) {
        die;
    }

For those who may be uncomfortable with editing core files, this plugin stops WordPress trackback DoS attacks.
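Because a WordPress core update replaces wp-trackback.php and with it any hand edit, it is worth re-checking each site after upgrading. The script below is an added example, not code from this post or from HashBangCode; it reports whether a site's wp-trackback.php still carries the two length guards shown above. The function names has_guard and trackback_status and the paths in the usage comment are made up for the illustration.

```shell
#!/bin/sh
# Added example: report whether wp-trackback.php still has the two
# strlen() guards from this post.
# Usage: sh check-trackback.sh /var/www/site1 /var/www/site2   (placeholder paths)

# has_guard FILE VAR: succeeds if FILE contains "if ( strlen($VAR) > N"
# with any spacing and any numeric limit N.
has_guard() {
    grep -Eq "if[[:space:]]*\([[:space:]]*strlen\([[:space:]]*\\\$${2}[[:space:]]*\)[[:space:]]*>[[:space:]]*[0-9]+" "$1"
}

# trackback_status FILE: prints one word or phrase describing the file.
# Returns 0 when both guards are present, 1 when at least one is
# missing, 2 when the file does not exist.
trackback_status() {
    f=$1
    [ -f "$f" ] || { echo "missing file"; return 2; }
    c=0
    t=0
    has_guard "$f" charset && c=1
    has_guard "$f" title && t=1
    case "$c$t" in
        11) echo "patched" ;;
        10) echo "partial: no title guard"; return 1 ;;
        01) echo "partial: no charset guard"; return 1 ;;
        *)  echo "unpatched"; return 1 ;;
    esac
}

# Check every WordPress root directory given on the command line.
for root in "$@"; do
    printf '%s: %s\n' "$root" "$(trackback_status "$root/wp-trackback.php" || true)"
done
```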
I understand this all may mean absolutely nothing to Tripawds Bloggers, except to know that we too are on top of things when it comes to keeping the Tripawds Blogs Community up and running. But I figure the faster news of fixes like this can be spread, the more likely we are to stop spammers and hackers in their tracks.
Many thanks to drmike for first bringing this to my attention in the WPMU DEV Premium discussion forums. Yet another reason we are happy with our WPMU DEV Premium membership!