Jared Atchison<title>» wordpress fix http://www.jaredatchison.com Websites. Wordpress. Genesis. Tue, 07 Sep 2010 03:09:42 +0000 en hourly 1 WordPress trackback exploit found http://www.jaredatchison.com/2009/10/20/wordpress-trackback-exploit-found/ http://www.jaredatchison.com/2009/10/20/wordpress-trackback-exploit-found/#comments Tue, 20 Oct 2009 16:33:55 +0000 j-atchison http://jaredatchison.com/?p=59 Around 9am (CST) this morning we were alerted via the wp-hackers mailing list that there is an exploit out that affects the latest version of WordPress, v 2.8.4.

If you want to read more about all the technical stuff you can find the original blog post detailing the exploit here.

I wouldn’t say this is critical since your data is not at risk but anytime someone can put heat on your server it is not good.

No word yet if a patch is going to be released in the form of WordPress 2.8.5. There are a few fixes out already however.

There is a chunk of code you can paste into your theme’s functions.php file.

function ft_stop_trackback_dos_attacks(){
	global $pagenow;
	if ( 'wp-trackback.php' == $pagenow ){
		// DoS attack fix.
		if ( isset($_POST['charset']) ){
			$charset = $_POST['charset'];
			if ( strlen($charset) &amp;gt; 50 ) {  die; }
		}
	}
}
add_action('init','ft_stop_trackback_dos_attacks');

There is also already a fix on trac.

]]> http://www.jaredatchison.com/2009/10/20/wordpress-trackback-exploit-found/feed/ 0