Protect your apache server from WordPress Pingback DDoS attacks

-
Apache Logo
Ubuntu Logo
Wordpress Logo

 A security researcher at SANS Technology Institute put out an advisory around 8 months ago when he discovered that WordPress’s “pingback” functionality contains an exploit allowing it to request a result from any server that an attacker wishes. This vulnerability means that there are thousands of WordPress installations that can be effectively weaponized to conduct floods against any target site of someone’s desire. This particular attack is dangerous because many servers can be overwhelmed with only 200 blogs “pingbacking” their site, clogging up their limited connections and/or resources.




To confirm if you are under wordpress pingback ddos attack, check your access logs.

$ sudo tail -f /var/log/apache2/access.log

Logs will look like this:

74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"

143.95.250.71 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0" 403 0 "-" "WordPress/4.4; http://i-cttech.net"

217.160.253.21 - - [09/Mar/2014:11:05:27 -0400] "GET /?7190851=6824134 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://www.intoxzone.fr"

193.197.34.216 - - [09/Mar/2014:11:05:27 -0400] "GET /?3162504=9747583 HTTP/1.0" 403 0 "-" "WordPress/2.9.2; http://www.verwaltungmodern.de"



To block wordpress pingback attack in Apache use this configuration.

$ sudo nano /etc/apache2/apache2.conf
<Directory /var/www/>
        Options -Indexes
        AllowOverride All
        Require all granted
        BrowserMatchNoCase WordPress wordpress_ping
        BrowserMatchNoCase Wordpress wordpress_ping
        Order Deny,Allow
        Deny from env=wordpress_ping
</Directory>

Comments

Post a Comment

Popular posts from this blog

CakePHP 4: Firebase Cloud Messaging Component in CakePHP for Push Notification

-
Image
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using this link and receive $100 in cloud credits: https://m.do.co/t/335732d1df0b <?php namespace   App\Controller\Component ; use  Cake\Controller\ Component ; use  Cake\Http\ Client ; class   FirebaseComponent   extends   Component {         public   function   headers () {         $header  =    [ 'headers'   =>    [                                          'Accept'   =>   'application/json' ,                                          'Content-Type'   =>   'application/json' ,                                          'Authorization'   =>   'key=AAAAeh0kVhs4ums9A0SYyO2xbCgXvT_jfUUi-0jXs0GfMpZ5DZPqKylqht-TPXGPiqFVj81hBPLL_st9NkjspAarhbfufFHBQN_7'                                     ]                     ];          return  $header;     }      public   function   sendSingleNotification ()  //FCM     {         $fcToken  =   'e_tHOI1XT3udZvMYS
Read more

CakePHP 4 : Using Component inside Command ( Shell )

-
Image
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using this link and receive $100 in cloud credits: https://m.do.co/t/335732d1df0b src>Command>AppCommand.php <?php namespace   App\Command ; use  Cake\Console\ Arguments ; use  Cake\Console\ Command ; use  Cake\Console\ ConsoleIo ; use  Cake\Console\ ConsoleOptionParser ; use  Cake\Http\ Client ; use  Cake\Log\ Log ; //need this two line use  Cake\Controller\ ComponentRegistry ; use  App\Controller\Component\ FirebaseComponent ; class   AppCommand   extends   Command {      protected   function   buildOptionParser ( ConsoleOptionParser  $parser) :   ConsoleOptionParser     {         $parser -> addArgument ( 'command' , [ 'help'   =>   'What your parameter?' ]);         $parser -> addArgument ( 'params' , [ 'help'   =>   'What your parameter?' ]);          return  $parser;     }      public   function   execute ( Arguments  $args,  ConsoleIo  $io
Read more

CakePHP: COUNT data and GROUP BY date

-
Image
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using this link and receive $100 in cloud credits: https://m.do.co/t/335732d1df0b Goal: Count Tip Offs created per day for a month to use for graph Problem: created field name is in datetime format: Y-m-d H:i:s Solution: format SQL Query date: DATE_FORMAT(TipOff.created, '%Y-%m-%d') Inside the function of controller <?php $ tipOffsMonthly = $ this -> TipOff -> find( ' all ' , array ( ' conditions ' => array ( ' AND ' => array ( ' TipOff.electric_cooperatives_id ' => AuthComponent :: User ( ' electric_cooperatives_id ' ) , ' TipOff.created BETWEEN ? AND ? ' => array ( $ first_day , $ last_day ) ) ) ,
Read more