Signature Detail

Short Name	HTTP:PHP:WP-XML-RPC-PINGBACK-PP
Severity	Medium
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	WP WordPress DDoS Pingback XML RPC
Release Date	2014/07/23
Update Number	2402
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WordPress Pingback Via Patsy Proxy

This signature detects WordPress Pingbacks sent through a "Patsy Proxy". The WordPress XML RPC system has a flaw that allows a Traffic Amplification Distributed Denial of Service (DDoS) attack by sending a "Pingback" to a WordPress-enabled site that allows XML RPC, which then forwards the attack to another site. The source IP address of this attack is the "Patsy Proxy" that has the Pingback functionality enabled and is being used to attack the destination IP address.

References

URL: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: WordPress Pingback Via Patsy Proxy

References