Protect your apache server from WordPress Pingback DDoS attacks

A security researcher at SANS Technology Institute put out an advisory around 8 months ago when he discovered that WordPress’s “pingback” functionality contains an exploit allowing it to request a result from any server that an attacker wishes. This vulnerability means that there are thousands of WordPress installations that can be effectively weaponized to conduct floods against any target site of someone’s desire. This particular attack is dangerous because many servers can be overwhelmed with only 200 blogs “pingbacking” their site, clogging up their limited connections and/or resources. To confirm if you are under wordpress pingback ddos attack, check your access logs. $ sudo tail -f /var/log/apache2/access.log Logs will look like this: 74.86.132.186 – – [09/Mar/2014:11:05:27 -0400] “GET /?4137049=6431829 HTTP/1.0? 403 0 “-” “ WordPress /3.8; http://www.mtbgearreview.com” 143.95.250.71 – – [09/Mar/2014:11:05:27 -0400] “GET /?4758117=5073922 HTTP/1.0? 403 0 “-” “ WordPress /4.4; http://i-cttech.net” 217.160.253.21 – – [09/Mar/2014:11:05:27 -0400] “GET /?7190851=6824134 HTTP/1.0? 403 0 “-” “ WordPress /3.8.1; http://www.intoxzone.fr” 193.197.34.216 – – [09/Mar/2014:11:05:27 -0400] “GET /?3162504=9747583 HTTP/1.0? 403 0 “-” “ WordPress /2.9.2; http://www.verwaltungmodern.de” To block wordpress pingback attack in Apache use this configuration. $ sudo nano /etc/apache2/apache2.conf         Options -Indexes         AllowOverride All         Require all granted         BrowserMatchNoCase WordPress wordpress_ping         BrowserMatchNoCase WordPress wordpress_ping         Order Deny,Allow         Deny from env=wordpress_ping Source: https://sherwinrobles.blogspot.ca/2016/05/protect-your-apache-server-wordpress.html

See original article:
Protect your apache server from WordPress Pingback DDoS attacks