Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
Have you talked to your hosting providers about this?
Thanks for the quick response. My hosting provider is the ones who first told me about the attack. They actually took the site off line for a few hours.
You could turn off Pingbacks and Trackbacks in your settings but not to sure if this a solution. Not to sure how the site directed you there either. I am looking into the legitimacy of the claim for preventing attacks.
Okay. I’ll turn off Pingbacks and Trackbacks. Let me know what you find out.
Thanks!
Pat
In the article:
PS. If you don’t understand why this article figures in your pingback list, while your link isn’t in here : it’s because your blog has been abused to try and DDOS this blog
The solution is not legit (at least for any recent version of WP). The xmlrpc class does check to make sure the pingback IP exists and is safe now.
Line 5776 /includes/class-wp-xmlrpc-server.php
What version of WP are you using? Ensure you are using the latest WordPress version.
The DDoS is not directed to you but rather use your WordPress site as a relay to DDoS the blog you references. The article is about his blog being attacked and how to help people prevent them from DDoS his site. He must of made someone really mad 😉
I’m using the latest version of WP (4.1.1)
So what you’re saying is this guy is getting attacked and my blog is being used and it is just coincidental that my blog underwent a DDoS attack in February?
Correct?
Thanks,
Pat
Yes, in a nut shell, that is what I am getting at. Although the DDoS is not targeted toward you specifically, your servers will pick it up as one (and it does act just like one as well).
If your host caught the traffic, you can get what method was being used and investigate it in more depth.
Great Thanks for looking into this! I appreciate it.
Pat
