«
»

Attack profile for WordPress sites

Scott Buchanan explains one of the mechanisms by which WordPress sites are attacked by trackback spammers (circa March 2005):

generic cialis online

e=”http://blog.mytechaid.com/archives/2005/03/09/wordpress-trackback-spam-solution/” title=”WordPress Trackback Spam Solution”>
The spam ‘bot will iteratively request “index.php?p=[n],” where n is incremented each time. After each successful request, it will then send a trackback to “wp-trackback.php” for entry number n.

To remedy this, Scott wrote a TB Spam Blocker plugin (downloadable from the link above) which patches viagra online pharmacy this particular hole. From the plugin’s included readme.txt:

This plugin will modify the WordPress permalink generator to include a mod_rewrite rule that blocks

direct access to wp-trackback.php. (It still allows redirected access through cruft-free URLs. Legitimate trackbacks will use the redirected URL, as that will be what appears on your blog.)

A simple fix, though as soon as the spam bots are updated to use the cruft-free trackback URLs (by crawling the site), this solution will stop working.

This entry was posted on Monday, July 25th, 2005 at 3:07 pm by Dan Sandler. It has been filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to “Attack profile for WordPress sites”

  1. Anti Virus Software says:
    November 22, 2007 at 3:19 am

    Anti Virus Software

    I couldn’t understand some parts of this article, but it sounds interesting