{"id":1328,"date":"2021-07-23T06:54:01","date_gmt":"2021-07-23T11:54:01","guid":{"rendered":"https:\/\/www.knownhost.com\/kb\/?p=1328"},"modified":"2022-08-19T08:49:05","modified_gmt":"2022-08-19T13:49:05","slug":"how-are-wordpress-pingbacks-exploited","status":"publish","type":"post","link":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/","title":{"rendered":"How are WordPress Pingbacks Exploited?"},"content":{"rendered":"\n<p>While you may hear a lot about WordPress exploits, you may not be familiar with how the pingback mechanism in WordPress works, or how it can be turned against you by dastardly hackers.<\/p>\n\n\n\n
<p>One of the most popular approaches is to abuse the XML-RPC interface built into WordPress (xmlrpc.php), because it lets an attacker push many method calls through a single server request.<\/p>\n\n\n\n
<p>Huh?<\/p>\n\n\n\n
<p>Yes, read that again.&nbsp; When using xmlrpc.php as a hacking tool, an attacker sends 1 single HTTP request to the server (instead of 50, 100 or 500), but inside that 1 request, using the system.multicall method, they pack an entire array of other method calls, for example hundreds of wp.getUsersBlogs calls that each try a different password.&nbsp; Imagine being able to brute force a login with hundreds of guesses per request, without ever triggering brute force \/ DDoS defenses that count requests &#8211; it\u2019s a very efficient approach.&nbsp; Since WordPress 4.4 the XML-RPC server refuses every further login attempt inside a multicall once one has failed, which removes most of the amplification on a patched site, though each request still costs CPU time and unpatched installs remain exposed.<\/p>\n\n\n\n
<p>Sucuri, one of the top brands in WordPress security,&nbsp;<a href=\"https:\/\/blog.sucuri.net\/2015\/10\/brute-force-amplification-attacks-against-wordpress-xmlrpc.html\">explains all<\/a>&nbsp;the ins and outs of system.multicall and exactly how this \u201camplification\u201d of attacks occurs within WordPress.&nbsp; They also publish some fantastic stats related to WordPress security, such as the fact that pingback DDoS attacks account for 13% of all DDoS attacks they track!<\/p>\n\n\n\n
<p>For more about distributed denial of service (DDoS) attacks, <a href=\"https:\/\/www.knownhost.com\/blog\/ddos-explained\/\">check out the KnownHost blog<\/a>.<\/p>\n\n\n\n
<h2 class=\"wp-block-heading\" id=\"how_are_pingbacks_spoofed_in_ddos_attacks_and_login_hacks\">How are WordPress Pingbacks Spoofed in DDoS Attacks and Login Hacks?<\/h2>\n\n\n\n
<p>Pingbacks are used in about 1\/8th of all DDoS attacks, largely because any WordPress site can be asked to send one.&nbsp; The pingback.ping XML-RPC method takes a source URL and a target URL, and the site that receives the call fetches the source URL to confirm it really links to one of its posts.&nbsp; An attacker who sends that call to thousands of legitimate WordPress sites with the victim\u2019s address as the source URL turns all of them into reflectors that flood the victim with requests, and because the reflectors are real sites, the traffic looks legitimate to simple IP-based filters.<\/p>\n\n\n\n
<p>As the&nbsp;<a href=\"https:\/\/blog.sucuri.net\/2016\/02\/wordpress-sites-leveraged-in-ddos-campaigns.html\">Sucuri post explains<\/a>, originally the verification request carried no information about who had requested the pingback.&nbsp; Since version 3.9, WordPress includes the IP address that submitted the pingback in the User-Agent of its verification request, so the site being hit can see where the request originated:<\/p>\n\n\n\n
<pre class=\"wp-block-code\"><code>  WordPress\/4.3.3; http:\/\/168.63.218.68; verifying pingback from 185.130.5.209<\/code><\/pre>\n\n\n\n
<p>In a full web server access log entry, the same User-Agent appears like this:<\/p>\n\n\n\n
<pre class=\"wp-block-code\"><code>  120.25.253.23 \u2013 \u2013 &#91;16\/Feb\/2016:23:45:57 -0500] \u201cGET \/ HTTP\/1.0\u201d 403 5301 \u201c-\u201d \n  \u201cWordPress\/4.2.7; http:\/\/www.fluxstudio-sh.com; verifying pingback from 185.130.5.247\u201d<\/code><\/pre>\n\n\n\n
<p>After you see a number of logged entries that all name the same IP, 185.130.5.247, after \u201cverifying pingback from\u201d, you can do a WHOIS lookup on that IP and find out who is responsible for the network the attack is coming from.&nbsp; It could very well be that their machine has been compromised and they aren\u2019t aware they\u2019re part of a botnet &#8211; or it could be that they\u2019re just malicious.<\/p>\n\n\n\n
<p>Note what is and isn\u2019t fake in the example above.&nbsp; The client IP 120.25.253.23 and the site URL www.fluxstudio-sh.com belong to a real WordPress 4.2.7 install that was tricked into fetching the victim\u2019s home page, and 185.130.5.247 is the address that asked it to do so.&nbsp; Blocking the reflectors one by one is hopeless, because the attacker can recruit new ones at will; the \u201cverifying pingback from\u201d marker in the User-Agent is the signal to filter on, and the IP that follows it is the one to report.<\/p>\n\n\n\n
<p>With verification in place, WordPress fetches the source page behind the scenes to confirm it actually contains a link to your post.&nbsp; That same fetch is what a reflection attack abuses, so if your site doesn\u2019t need pingbacks, disable them: untick \u201cAllow link notifications from other blogs\u201d under Settings &gt; Discussion (this sets the default for new posts; existing posts keep their own setting), and restrict access to xmlrpc.php if nothing legitimately uses it.&nbsp; If the source page doesn\u2019t link to your site, the WordPress pingback will never appear in your queue to be
approved.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While you may hear a lot about WordPress exploits, it could be that you\u2019re not familiar with how the pingback mechanism in WordPress works, or how it can be used by dastardly hackers. One of the most popular approaches is to use the XML-RPC mechanism, inherent in WordPress, because it gives hackers the ability to [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[251,166,252,106],"class_list":["post-1328","post","type-post","status-publish","format-standard","hentry","category-wordpress","tag-blogs","tag-bruteforce","tag-cms","tag-wordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How are WordPress Pingbacks Exploited? - KnownHost<\/title>\n<meta name=\"description\" content=\"Get more information on how pingbacks can be exploited and how to protect your websites against those attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How are WordPress Pingbacks Exploited? 
- KnownHost\" \/>\n<meta property=\"og:description\" content=\"Get more information on how pingbacks can be exploited and how to protect your websites against those attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/\" \/>\n<meta property=\"og:site_name\" content=\"KnownHost\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-23T11:54:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-19T13:49:05+00:00\" \/>\n<meta name=\"author\" content=\"Jonathan K. W.\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jonathan K. W.\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/\"},\"author\":{\"name\":\"Jonathan K. 
W.\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/3db6e20d1f33519cd68fe0ba1230a48b\"},\"headline\":\"How are WordPress Pingbacks Exploited?\",\"datePublished\":\"2021-07-23T11:54:01+00:00\",\"dateModified\":\"2022-08-19T13:49:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/\"},\"wordCount\":210,\"keywords\":[\"blogs\",\"bruteforce\",\"cms\",\"wordpress\"],\"articleSection\":[\"WordPress\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/\",\"url\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/\",\"name\":\"How are WordPress Pingbacks Exploited? - KnownHost\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#website\"},\"datePublished\":\"2021-07-23T11:54:01+00:00\",\"dateModified\":\"2022-08-19T13:49:05+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/3db6e20d1f33519cd68fe0ba1230a48b\"},\"description\":\"Get more information on how pingbacks can be exploited and how to protect your websites against those attacks.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-are-wordpress-pingbacks-exploited\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How are WordPress Pingbacks 
Exploited?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/\",\"name\":\"KnownHost\",\"description\":\"KnownHost provides a comprehensive webhosting knowledge base to help answer many of your common webhosting and linux questions.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/3db6e20d1f33519cd68fe0ba1230a48b\",\"name\":\"Jonathan K. W.\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g\",\"caption\":\"Jonathan K. W.\"},\"sameAs\":[\"https:\\\/\\\/www.knownhost.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How are WordPress Pingbacks Exploited? - KnownHost","description":"Get more information on how pingbacks can be exploited and how to protect your websites against those attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/","og_locale":"en_US","og_type":"article","og_title":"How are WordPress Pingbacks Exploited? 
- KnownHost","og_description":"Get more information on how pingbacks can be exploited and how to protect your websites against those attacks.","og_url":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/","og_site_name":"KnownHost","article_published_time":"2021-07-23T11:54:01+00:00","article_modified_time":"2022-08-19T13:49:05+00:00","author":"Jonathan K. W.","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jonathan K. W.","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/#article","isPartOf":{"@id":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/"},"author":{"name":"Jonathan K. W.","@id":"https:\/\/www.knownhost.com\/kb\/#\/schema\/person\/3db6e20d1f33519cd68fe0ba1230a48b"},"headline":"How are WordPress Pingbacks Exploited?","datePublished":"2021-07-23T11:54:01+00:00","dateModified":"2022-08-19T13:49:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/"},"wordCount":210,"keywords":["blogs","bruteforce","cms","wordpress"],"articleSection":["WordPress"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/","url":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/","name":"How are WordPress Pingbacks Exploited? 
- KnownHost","isPartOf":{"@id":"https:\/\/www.knownhost.com\/kb\/#website"},"datePublished":"2021-07-23T11:54:01+00:00","dateModified":"2022-08-19T13:49:05+00:00","author":{"@id":"https:\/\/www.knownhost.com\/kb\/#\/schema\/person\/3db6e20d1f33519cd68fe0ba1230a48b"},"description":"Get more information on how pingbacks can be exploited and how to protect your websites against those attacks.","breadcrumb":{"@id":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.knownhost.com\/kb\/how-are-wordpress-pingbacks-exploited\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.knownhost.com\/kb\/"},{"@type":"ListItem","position":2,"name":"How are WordPress Pingbacks Exploited?"}]},{"@type":"WebSite","@id":"https:\/\/www.knownhost.com\/kb\/#website","url":"https:\/\/www.knownhost.com\/kb\/","name":"KnownHost","description":"KnownHost provides a comprehensive webhosting knowledge base to help answer many of your common webhosting and linux questions.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.knownhost.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.knownhost.com\/kb\/#\/schema\/person\/3db6e20d1f33519cd68fe0ba1230a48b","name":"Jonathan K. 
W.","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g","caption":"Jonathan K. W."},"sameAs":["https:\/\/www.knownhost.com"]}]}},"_links":{"self":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/posts\/1328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/comments?post=1328"}],"version-history":[{"count":0,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/posts\/1328\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/media?parent=1328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/categories?post=1328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/tags?post=1328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
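The system.multicall amplification described in the article body above, as an added example that is not code from the KnownHost article or from WordPress: a Python model that builds the same kind of multicall request Sucuri documented (one wp.getUsersBlogs login per candidate password) and feeds it to a toy dispatcher that can run either the pre-4.4 behaviour (every login is checked) or the 4.4 behaviour (later logins in the same request are refused after the first failure). The username, wordlist and "real" password are constructed, and the dispatcher is a simplified model written for this example, not WordPress's own XML-RPC server class.

```python
"""
Added example: how system.multicall turns one HTTP request into many login
attempts, and how the WordPress 4.4 mitigation (refusing further logins in
the same multicall after one failure) blunts it. The server side is a small
model of the XML-RPC dispatcher written for this example, not WordPress code.
"""
import xmlrpc.client

# Constructed sample data: the account being attacked and a short wordlist.
TARGET_USER = "admin"
WORDLIST = ["123456", "password", "letmein", "qwerty", "admin", "welcome1", "S3cure!Pass"]


def build_multicall(user, passwords):
    """Serialise one system.multicall request wrapping a wp.getUsersBlogs
    login attempt per candidate password. xmlrpc.client.dumps emits the
    real XML body an attacker would POST to xmlrpc.php."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": [user, pw]} for pw in passwords]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


class ToyXmlRpcServer:
    """Minimal model of login handling in an XML-RPC multicall.
    stop_after_failure=True mirrors the WordPress 4.4 change: once one login
    in a multicall has failed, every later login in the same request is
    rejected without the password being compared at all."""

    def __init__(self, real_password, stop_after_failure):
        self.real_password = real_password
        self.stop_after_failure = stop_after_failure
        self.password_checks = 0  # how many passwords were actually compared

    def _login(self, user, pw, state):
        if self.stop_after_failure and state["auth_failed"]:
            return {"faultCode": 403, "faultString": "Incorrect username or password."}
        self.password_checks += 1
        if user == TARGET_USER and pw == self.real_password:
            return [{"blogName": "example", "isAdmin": True}]  # success: blog list
        state["auth_failed"] = True
        return {"faultCode": 403, "faultString": "Incorrect username or password."}

    def handle(self, body):
        """Parse one request body and return one result per bundled call."""
        params, method = xmlrpc.client.loads(body)
        assert method == "system.multicall"
        state = {"auth_failed": False}  # per-request flag, as in WordPress 4.4
        results = []
        for call in params[0]:
            if call["methodName"] == "wp.getUsersBlogs":
                results.append(self._login(*call["params"], state))
            else:
                results.append({"faultCode": -32601, "faultString": "unknown method"})
        return results


def amplification(body, server):
    """Run one request through the server; return (passwords actually
    checked, password that succeeded or None)."""
    results = server.handle(body)
    calls = xmlrpc.client.loads(body)[0][0]
    for call, res in zip(calls, results):
        if isinstance(res, list):  # a successful login returns the blog list
            return server.password_checks, call["params"][1]
    return server.password_checks, None


if __name__ == "__main__":
    body = build_multicall(TARGET_USER, WORDLIST)
    print(f"one HTTP request, {len(WORDLIST)} login attempts, {len(body)} bytes")
    old = ToyXmlRpcServer("S3cure!Pass", stop_after_failure=False)
    new = ToyXmlRpcServer("S3cure!Pass", stop_after_failure=True)
    print("pre-4.4 behaviour:", amplification(body, old))
    print("4.4+ behaviour:   ", amplification(body, new))
```

The pre-4.4 run checks all seven passwords and finds the right one from a single request, which is the amplification a per-request rate limit never sees; the 4.4 run compares exactly one password and then refuses the rest. The request still has to be parsed, so the mitigation protects credentials, not CPU.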
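A worked check for the "verifying pingback from" log pattern discussed in the article body, added here and not part of the original article: parse access-log lines, keep only WordPress pingback verification fetches, and group them by the address named after "verifying pingback from". A legitimate verification fetch in your own log names one of your own outbound IPs (your site sent the pingback that is being verified), so any other requester IP driving several distinct reflectors at you is a reflection attack. The sample log lines, the reflector addresses and the site's own IP (203.0.113.50) are constructed for the example; the regex assumes Apache "combined" log format.

```python
"""
Added example: pulling pingback reflection traffic out of a web server access
log, keyed on the "verifying pingback from <ip>" marker WordPress has put in
the User-Agent since 3.9. The log lines below are constructed for the example.
"""
import re
from collections import defaultdict

# Constructed sample: three reflectors steered by one requester, one legitimate
# verification of a pingback this site sent (requester = our own IP), one unrelated hit.
SAMPLE_LOG = """\
120.25.253.23 - - [16/Feb/2016:23:45:57 -0500] "GET / HTTP/1.0" 403 5301 "-" "WordPress/4.2.7; http://www.fluxstudio-sh.com; verifying pingback from 185.130.5.247"
168.63.218.68 - - [16/Feb/2016:23:45:58 -0500] "GET / HTTP/1.0" 403 5301 "-" "WordPress/4.3.3; http://168.63.218.68; verifying pingback from 185.130.5.247"
203.0.113.9 - - [16/Feb/2016:23:45:58 -0500] "GET /?4711 HTTP/1.0" 403 5301 "-" "WordPress/4.4.2; http://blog.example.org; verifying pingback from 185.130.5.247"
198.51.100.7 - - [16/Feb/2016:23:46:10 -0500] "GET /2016/02/my-post/ HTTP/1.1" 200 8120 "-" "WordPress/4.4.2; https://friend.example.net; verifying pingback from 203.0.113.50"
192.0.2.44 - - [16/Feb/2016:23:46:11 -0500] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
"""

# Apache "combined" format: client, ident, user, [timestamp], "request", status, bytes, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent WordPress sends when verifying a pingback (3.9 and later)
PINGBACK_UA_RE = re.compile(
    r"^WordPress/(?P<version>[\d.]+); (?P<site>\S+); verifying pingback from (?P<requester>[\d.a-fA-F:]+)$"
)


def parse_pingback_verifications(log_text):
    """Yield one record per access-log line that is a WordPress pingback
    verification fetch; every other line is skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ua = PINGBACK_UA_RE.match(m.group("ua"))
        if not ua:
            continue
        yield {
            "reflector_ip": m.group("client"),       # the WordPress site doing the fetch
            "reflector_site": ua.group("site"),
            "wp_version": ua.group("version"),
            "requester_ip": ua.group("requester"),   # who asked that site to fetch us
            "path": m.group("path"),
            "status": int(m.group("status")),
        }


def summarize_by_requester(log_text, own_ips=frozenset()):
    """Group verification fetches by the IP that requested them. A pingback
    your own site sent is verified by the other side fetching you, so the
    requester is one of own_ips; any other requester is a third party."""
    groups = defaultdict(lambda: {"hits": 0, "reflectors": set(), "paths": set()})
    for rec in parse_pingback_verifications(log_text):
        g = groups[rec["requester_ip"]]
        g["hits"] += 1
        g["reflectors"].add(rec["reflector_ip"])
        g["paths"].add(rec["path"])
    return {
        ip: {
            "hits": g["hits"],
            "distinct_reflectors": len(g["reflectors"]),
            "paths": sorted(g["paths"]),
            "suspicious": ip not in own_ips,
        }
        for ip, g in groups.items()
    }


def suspicious_requesters(log_text, own_ips=frozenset(), min_reflectors=2):
    """Requester IPs worth reporting or blocking at the edge: not ours and
    driving more than one distinct reflector (one stray hit is not an attack)."""
    summary = summarize_by_requester(log_text, own_ips)
    return sorted(ip for ip, s in summary.items()
                  if s["suspicious"] and s["distinct_reflectors"] >= min_reflectors)


if __name__ == "__main__":
    MY_IPS = frozenset({"203.0.113.50"})  # assumed: this site's own outbound address
    for ip, s in summarize_by_requester(SAMPLE_LOG, MY_IPS).items():
        print(ip, s)
    print("report/block:", suspicious_requesters(SAMPLE_LOG, MY_IPS))
```

Blocking on the requester IP stops the current campaign but not the next one, so the durable fix on a site that does not need pingbacks is to return 403 for any User-Agent containing "verifying pingback from" at the web server or WAF, and to close pingbacks in WordPress itself.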