Paul Tansom said:
Is anyone else suffering from this pingback DDoS at the moment? My server is
only a low spec one and keeps being brought to its knees by it. Now I've had
the time to actually look at the logs and work out what is happening I'm in the
process of putting some form of protection in there, although the quick fixes
seem to impact functionality. I was just wondering what anyone else had done,
assuming others have been impacted too. Not having read in full detail yet, I'm
wondering why this is just a WordPress issue. Wouldn't you be able to do the
same thing with any blog or CMS that uses pingback?

I haven't seen this, but that's because I turn off pingbacks on all WP
sites. There's a plugin to do it on sites that have had them,
<https://wordpress.org/plugins/disable-xml-rpc-pingback/>, without
totally disabling xml-rpc in case you need it for something else.

If you can't install plugins for some reason, but can access the
database, there's a couple of lines of SQL to turn it off on all
existing pages and posts.

You won't be missing out on anything, because the overwhelming majority
of pingbacks have been 'not good' for years. Turning them off is a part
of setting up a WP site...

There are more WordPress sites, so they get targeted first. The people
developing WP also think that because people like getting comments, they
should leave a new site completely vulnerable to spam comments and
pingbacks and, until one issue was fixed, allowed attackers to do things
like probe your server with them.
Ian
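
An added example, not part of Ian's message: one way to write the SQL he refers to for closing pingbacks on existing posts and pages. It assumes MySQL and the default `wp_` table prefix (adjust to the prefix set in `wp-config.php`) and uses the standard WordPress `ping_status` column and `default_ping_status` / `default_pingback_flag` options.

```sql
-- Added example: assumes MySQL and the default "wp_" table prefix.
-- Take a database backup before running any UPDATE.

-- 1. See how much existing content still accepts pingbacks/trackbacks.
SELECT post_type, COUNT(*) AS open_to_pings
FROM wp_posts
WHERE ping_status = 'open'
GROUP BY post_type;

-- 2. Close pings on all existing posts, pages and other post types.
UPDATE wp_posts
SET ping_status = 'closed'
WHERE ping_status <> 'closed';

-- 3. Make 'closed' the default for content created from now on
--    (Settings > Discussion: "Allow link notifications from other blogs").
UPDATE wp_options
SET option_value = 'closed'
WHERE option_name = 'default_ping_status';

-- 4. Stop this site sending pingbacks to sites it links to
--    (Settings > Discussion: "Attempt to notify any blogs linked to").
UPDATE wp_options
SET option_value = '0'
WHERE option_name = 'default_pingback_flag';

-- 5. Verify: the first query should return 0, the second the new values.
SELECT COUNT(*) AS still_open
FROM wp_posts
WHERE ping_status = 'open';

SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('default_ping_status', 'default_pingback_flag');
```

On a multisite install each site has its own posts and options tables (for example `wp_2_posts`), so the statements have to be repeated per site.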