O hai let me wanna-be!

Wednesday, 24 September, Year 6 d.Tr. | Author: Mircea Popescu

~ * ~ NOTICE ~ * ~

You are seeing this because your blog was recently used as part of a DDOS attack against Trilema.

The way this works is that the attacker sends pingbacks to a long list of blogs. The blogs in question then load the indicated URL to try to verify whether the pingback is legitimate (i.e., whether the URL of the pinged blog actually appears on the page), resulting in massive traffic spikes for the victim.

This works because WordPress pingbacks are poorly implemented. A more solid implementation would verify that the pingback originates from the same IP as the site that supposedly sent it, and discard the request if there is a mismatch. The current implementation allows pingbacks to be sent from any arbitrary IP, and so hands a malicious user yet another DDOS vector.

Please do your part by fixing your pingback implementation. The easiest way would be to open the file xmlrpc.php found in the root directory of your blog installation, and modify the part that says

		// Let's check the remote site

		$linea = wp_remote_fopen( $pagelinkedfrom );
To instead say
		// Let's check the remote site

		// First, make sure we're not being used for DDoS!

		if (gethostbyname(parse_url($pagelinkedfrom, PHP_URL_HOST))
		  <> $_SERVER['RE
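As an added example (my code, not the post's patch), a fuller form of the same origin check: it compares the connecting address against every A record of the claimed source host rather than the single one gethostbyname() returns, and refuses hosts that resolve to private or reserved ranges before the blog fetches anything. The injectable resolver and the example hostname and addresses are constructed for the demonstration.

```php
<?php
// Added example: origin check for an incoming pingback. The resolver is
// injectable (defaults to gethostbynamel) so the logic can be run offline.

/**
 * Decide whether a pingback claiming to come from $pagelinkedfrom can
 * plausibly have been sent by the client at $remoteAddr.
 *
 * @param string        $pagelinkedfrom URL the pingback says linked to us
 * @param string        $remoteAddr     address the XML-RPC request came from
 * @param callable|null $resolve        fn(string $host): array of IPv4 strings
 */
function pingback_origin_matches(string $pagelinkedfrom, string $remoteAddr, ?callable $resolve = null): bool
{
    $resolve = $resolve ?? 'gethostbynamel';

    $host = parse_url($pagelinkedfrom, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;                       // unparsable URL: nothing to verify
    }
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP) === false) {
        return false;                       // malformed client address
    }

    // A host may have several A records; gethostbyname() hands back only one,
    // so a legitimate multi-homed sender could fail a single-address test.
    $addrs = $resolve($host);
    if (!is_array($addrs) || $addrs === []) {
        return false;                       // NXDOMAIN or resolver failure
    }

    // The verification fetch is a request made on the attacker's behalf;
    // never let it be pointed at loopback, private or reserved addresses.
    foreach ($addrs as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }

    return in_array($remoteAddr, $addrs, true);
}

// Constructed data: a fake resolver standing in for DNS.
$fakeDns = fn(string $h): array => ['example.org' => ['203.0.113.10', '203.0.113.11']][$h] ?? [];
var_dump(pingback_origin_matches('http://example.org/post', '203.0.113.11', $fakeDns));
var_dump(pingback_origin_matches('http://example.org/post', '198.51.100.7', $fakeDns));
var_dump(pingback_origin_matches('http://example.org/post', '203.0.113.11', fn($h) => ['10.0.0.5']));
```

Sites whose outbound address differs from their published A records (CDN fronting, NAT) will fail this test, so the check trades some legitimate pingbacks for no longer acting as a reflector.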