Wordpress Pingback Attack

This attack makes use of the pingback/trackback feature to generate a lot of traffic to a target via many third-party uncompromised Wordpress servers. This is because when this request is made (via xmlrpc.php) to a server, it will attempt to download data from the target server.

These links describe the attack:

• http://blog.spiderlabs.com/2014/03/wordpress-xml-rpc-pingback-vulnerability-analysis.html
• http://www.computerweekly.com/news/2240215998/More-the-162000-WordPress-sites-used-in-DDoS-attack

Here are some suggested solutions:

• http://wordpress.org/support/topic/xmlrpcphp-attack-on-wordpress-38
• http://wordpress.org/support/topic/resolving-xmlrpcphp-ddos-attack-with-htaccess-redirect
• http://antti.vilpponen.net/2013/08/26/how-to-mitigate-a-wordpress-xmlrpc-php-attack/