This month there was a large WordPress pingback exploit.
This post is an effort to spread the word to other WordPress users to ensure their blogs aren’t used in attacks going forward.
At issue is the “pingback” function, a feature built into WordPress and plenty of other CMS tools that is designed to notify (or ping) a site that you linked to their content. Unfortunately, like most things useful on the Web, the parasites and lowlifes of the world are turning pingbacks into a feature to be disabled, lest it be used to attack others.
And that is exactly what’s going on. Earlier this week, Web site security firm Sucuri Security warned that it has seen attackers abusing the pingback function built into more than 160,000 WordPress blogs to launch crippling attacks against other sites.
“Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites,” Sucuri’s Daniel Cid wrote. “One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows, and that all happens with a simple ping back request.”
Fix for New Posts
Bloggers can disable pingback on posts by clicking “Settings” then “Discussion”, and then unchecking the following options if they are checked:
- Attempt to notify any blogs linked to from the article
- Allow link notifications from other blogs (pingbacks and trackbacks)
Unfortunately, Cid said, this only appears to prevent pingbacks on new blog posts and does nothing to disable pingbacks on posts that are already published for which pingback was previously enabled. Fortunately, you can install
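Because the Discussion checkboxes only affect new posts, the more complete fix is to close pingbacks at the XML-RPC layer, where the pingback request actually arrives. The following must-use plugin is an added example written for this post; it is not Sucuri's tool or the plug-in the article refers to, and the install path is an assumption about a standard WordPress layout:

```php
<?php
/**
 * Plugin Name: Close Pingbacks Site-Wide (added example, not the original post's code)
 *
 * Assumed install path: wp-content/mu-plugins/close-pingbacks.php
 * Files in mu-plugins load automatically, so no activation step is needed.
 */

// 1. Remove the pingback XML-RPC methods. With these gone, a POST to
//    xmlrpc.php asking the site to "verify" a link no longer makes the
//    server fetch the attacker's chosen URL, whatever the per-post setting.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. Stop advertising the endpoint. WordPress normally sends an
//    X-Pingback header on every page, which is how scanners find
//    pingback-capable sites in bulk.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// 3. Report every post, old or new, as closed to pings. This covers the
//    already-published posts that the Settings > Discussion checkboxes
//    do not touch, without editing each post by hand.
add_filter( 'pings_open', '__return_false', 10, 2 );
```

After installing, confirm that a normal page response no longer carries an X-Pingback header and that the site's own posts report pings as closed; both checks should pass for posts published before the change.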
Sucuri has declined to release the list of WordPress sites that are being used in these attacks, but it has posted an online tool that blog administrators can use to learn if their blogs have shown up in attack logs.
Source: Original article by Krebs on Security.
I believe the next WordPress update will fix this exploit, but I highly recommend that you install this plug-in at your earliest convenience.
Did you know that WordPress is the most popular web site editor on the planet? WordPress is a great platform for small to large web sites. We’ve had the pleasure of creating many custom as well as pre-designed WordPress sites.
WordPress is amazingly powerful and easy to use as long as you keep up with the WordPress updates. If you haven’t performed the update within the last 5 days, I strongly urge you to update now to the latest version. There are some crucial security updates that address some nasty vulnerabilities. If you don’t do this update, bad things will happen. Bad things can include SPAM and links to porn sites. ~:-( The good news is the updates are free and the developers promise future security updates will happen automagically.
Start the Update
You can perform the updates yourself or have your webmaster do them for a fee.
What exactly needs to be updated?
You likely need to update 3 things. First, update to the latest version of WordPress. Currently it is 3.7.1. Next, you need to update any and all plug-ins. Lastly, you need to update any themes that you currently have installed. I recommend that if you aren’t using an installed theme, you either update it or get rid of it. If this makes sense, please make the updates ASAP. If not, you should contact your webmaster right away.
Disclaimers: I do have to say that you simply must perform this update and it might break things. If the installer recommends you make a backup of your database, well then so do I.
How can I help save the world?
Thanks for asking. I would really appreciate if you would share this article with anyone that you know that has a web site. There is a fair chance they are using WordPress and informing them of this mission critical update might just save their day and possibly the world. ~:-)
If you need help with your WordPress Updates, let us know. We are here to help.
Please Help Stop SOPA/PIPA
omOriginals Marketing! rarely engages in politics. These acts, if passed, would greatly reshape the internet as we know it.
WordPress officially released its stance on SOPA/PIPA – the Stop Online Piracy Act and the Protect IP Act – which will soon come up for vote in the US legislature. We ask that you learn more and Help Stop SOPA/PIPA.
Be sure to watch the short video.
We agree with those that have come out publicly against these bills, and we’d like to encourage you to join in the fight to stop them from becoming law.
For our non-American friends, the effects of these laws would most likely be felt around the world, making this a global issue of great importance to our web community.
You would think that laws that have such cute and friendly names as Stop Piracy would be good for everyone, but most of us that make a living working with content on the web have major concerns.