WordPress (WP) is one of the most popular PHP-based content management systems (CMS) used for creating websites. WP became popular due to its many dynamic content management features, including Pingback through XMLRPC, which sends a notification when another website links to any of a WP site's content. However, WP XMLRPC Pingback does not have a mechanism to limit and validate whether any Pingback request actually originated from a linked post. Our experiment demonstrated that an attack with as few as 5 online WP websites is sufficient to take down a victim's WP-based website. The proposed countermeasure for this type of attack was then shown to successfully prevent HTTP-GET attacks at the source.
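The missing limit described above can be illustrated with a sliding-window cap on outbound verification fetches, applied on the site that receives `pingback.ping` calls. This is an added example, not the paper's countermeasure or WordPress code; `PingbackLimiter`, `parse_pingback`, `sample_call` and the thresholds are assumed names and values.

```python
import time
import xml.etree.ElementTree as ET
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Assumed limits, chosen for illustration only.
MAX_BODY = 8192       # largest XML-RPC body accepted, in bytes
WINDOW_SECONDS = 60   # sliding window length
MAX_PER_HOST = 3      # verification fetches allowed per source host per window

def parse_pingback(body):
    """Return (source_uri, target_uri) from a pingback.ping call, else None."""
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # oversized, or carries a DTD: refuse to parse
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall" or root.findtext("methodName") != "pingback.ping":
        return None
    vals = [(v.findtext("string") or v.text or "").strip()
            for v in root.iterfind("params/param/value")]
    return (vals[0], vals[1]) if len(vals) == 2 else None

class PingbackLimiter:
    """Caps the GETs this site will send to any one source host."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.seen = defaultdict(deque)  # source host -> fetch timestamps

    def allow(self, body):
        parsed = parse_pingback(body)
        try:
            parts = urlsplit(parsed[0]) if parsed else None
        except ValueError:
            parts = None
        if parts is None or parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        now, hits = self.clock(), self.seen[parts.hostname]
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()  # drop fetches that fell out of the window
        if len(hits) >= MAX_PER_HOST:
            return False    # another fetch would add to a flood: skip it
        hits.append(now)
        return True

def sample_call(source, target="http://blog.example/?p=1"):
    """Constructed pingback.ping request body for demonstration."""
    p = "<param><value><string>%s</string></value></param>"
    return ("<methodCall><methodName>pingback.ping</methodName><params>"
            + p % source + p % target + "</params></methodCall>").encode()
```

A request for which `allow()` returns `False` would be answered with an XML-RPC fault instead of triggering the verification fetch.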