
Protect your apache server from WordPress Pingback DDoS attacks


A security researcher at SANS Technology Institute published an advisory around 8 months ago after discovering that WordPress's "pingback" feature can be abused to make a WordPress site request a URL from any server an attacker chooses. As a result, thousands of WordPress installations can be effectively weaponized to flood any target site of someone's choosing. This particular attack is dangerous because many servers can be overwhelmed by only 200 blogs "pingbacking" their site, clogging up their limited connections and/or resources.




To confirm whether you are under a WordPress pingback DDoS attack, check your Apache access log:

$ sudo tail -f /var/log/apache2/access.log

Pingback traffic looks like this in the log. Each request carries a WordPress User-Agent naming the blog being abused as a relay, and a random numeric query string so the request cannot be served from a cache:

74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"

143.95.250.71 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/4.4; http://i-cttech.net"

217.160.253.21 - - [09/Mar/2014:11:05:27 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://www.intoxzone.fr"

193.197.34.216 - - [09/Mar/2014:11:05:27 -0400] "GET /?3162504=9747583 HTTP/1.0" 403 0 "-" "WordPress/2.9.2; http://www.verwaltungmodern.de"
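As an added example (not code from the original post), here is a small Python parser that runs over access log lines like the ones above and counts how many distinct WordPress blogs are hitting the server with the cache-busting "?digits=digits" pattern. A legitimate pingback verification uses the same User-Agent but fetches a real post URL, so the query-string check and the number of distinct source blogs are what separate a flood from normal pingback traffic. The benign lines in the sample are constructed; the threshold of two blogs is an arbitrary assumption for the demo.

```python
import re
from collections import Counter

# Apache combined log format, as in the excerpt above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent sent by WordPress core when it fetches a pingback source URL.
WP_UA_RE = re.compile(r'^WordPress/(?P<ver>[\w.]+); (?P<blog>\S+)$', re.IGNORECASE)
# Random "?<digits>=<digits>" query string used to defeat caching.
CACHE_BUST_RE = re.compile(r'^/\?\d+=\d+$')


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_pingback_hit(rec):
    """True only for a WordPress User-Agent combined with the cache-busting query pattern."""
    return bool(WP_UA_RE.match(rec['ua']) and CACHE_BUST_RE.match(rec['path']))


def summarize(lines, min_blogs=2):
    """Count pingback hits and the distinct relay blogs / source IPs behind them."""
    hits = [r for r in map(parse_line, lines) if r and is_pingback_hit(r)]
    blogs = Counter(WP_UA_RE.match(r['ua']).group('blog') for r in hits)
    ips = Counter(r['ip'] for r in hits)
    return {'hits': len(hits), 'blogs': blogs, 'ips': ips, 'flood': len(blogs) >= min_blogs}


# Sample input: the four lines from the log excerpt above plus two constructed benign lines
# (a normal pingback verification of a real post URL, and an ordinary browser request).
SAMPLE = [
    '74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"',
    '143.95.250.71 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/4.4; http://i-cttech.net"',
    '217.160.253.21 - - [09/Mar/2014:11:05:27 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://www.intoxzone.fr"',
    '193.197.34.216 - - [09/Mar/2014:11:05:27 -0400] "GET /?3162504=9747583 HTTP/1.0" 403 0 "-" "WordPress/2.9.2; http://www.verwaltungmodern.de"',
    '203.0.113.9 - - [09/Mar/2014:11:06:01 -0400] "GET /2014/03/my-post/ HTTP/1.0" 200 8421 "-" "WordPress/3.8; http://blog.example.net"',
    '198.51.100.4 - - [09/Mar/2014:11:06:02 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == '__main__':
    s = summarize(SAMPLE)
    print(f"pingback hits: {s['hits']}, relay blogs: {len(s['blogs'])}, flood: {s['flood']}")
```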



To block the WordPress pingback traffic in Apache, use the configuration below. Keep in mind that it rejects every request carrying a WordPress User-Agent, including legitimate pingback verifications, and that the rejected requests still reach Apache: the rule saves your application and database from doing work, it does not stop the traffic itself.

$ sudo nano /etc/apache2/apache2.conf



<Directory /var/www/>
        Options -Indexes
        AllowOverride All
        Require all granted
        # Tag any request whose User-Agent contains "WordPress". The match is
        # case-insensitive, so the second line is redundant but harmless.
        BrowserMatchNoCase WordPress wordpress_ping
        BrowserMatchNoCase Wordpress wordpress_ping
        # Reject tagged requests with 403. Order/Deny are Apache 2.2 directives;
        # on Apache 2.4 they are provided by mod_access_compat.
        Order Deny,Allow
        Deny from env=wordpress_ping
</Directory>

