WordPress vulnerability opens the door to DDOS attacks

A vulnerability in the WordPress blogging platform may be exploited to stage distributed denial-of-service attacks (DDoS), a security firm warned this week.

 

The vulnerability tends to abuse WordPress' Pingback system, which many bloggers use to request notification when someone links to their documents, Acunetix.com said.

 

"This can also be used for distributed DOS (Denial of Service) attacks. An attacker can contact a large number of blogs and ask them to pingback a target URL. All of these blogs will attack the target URL," it said.

 

It said there is no known fix since disabling pingbacks and trackbacks from the Discussion Settings page "doesn't fix the problem either."

 

But it said the issue has been reported to the WordPress Team and will probably be fixed soon.

 

Acunetix suggested that for now, users can rename or delete the xmlrpc.php file, which it said is at the center of the issue. — TJD, GMA News