It’s possible to get WordPress to help you with a reflective DDoS attack using the pingback feature. For additional info, see https://isc.sans.edu/forums/diary/Wordpress+Pingback+DDoS+Attacks/17801/
In any case, here’s a quick perl script to disable it for all wordpress sites on a server (assuming they haven’t been hacked to re-name the default wp-config.php file). You’ll need to put your mysql root password into it (so delete it after using). If you use the Plesk control panel, a second version is further down which will not require the password being stored in the file.
#!/usr/bin/perl use strict; print "Running 'udpatedb' to refresh file name cache; this may take a while.\n"; system("updatedb"); print "Complete.\n\n"; my @configfiles = `locate -r 'wp-config.php\$'|sort|uniq`; my $dbName; my $dbPrefix; my $debug = '0'; chomp @configfiles; foreach my $file (@configfiles) { if ($debug) { print "Opening $file\n"; } # set if db name and prefix are found my $dbFound = '0'; my $prefixFound = '0'; # read config file open(FP,"$file"); my @config = <FP>; close(FP); # parse config looking for database name & prefix foreach my $line (@config) { chomp $line; if ( $line =~ /^define\('DB_NAME'.*'(.*)'\);/ ) { $dbName = $1; $dbFound = '1'; if ($debug) { print "Found DB_NAME $dbName in $file\n"; } } if ($line =~ /^\$table_prefix.+'(.*)';/) { $dbPrefix = $1; $prefixFound = '1'; if ($debug) { print "Found table_prefix $dbPrefix in $file\n"; } } } if ($dbFound && $prefixFound) { print "Database $dbName with prefix $dbPrefix..."; } else { print "DB name & prefix not found in $file\n"; } if ($dbFound && $prefixFound) { system("mysql -u root --password='MYROOTPASSWORD' -e \"UPDATE ${dbPrefix}options SET option_value = 'closed' WHERE option_name = 'default_ping_status';\" $dbName"); system("mysql -u root --password='MYROOTPASSWORD' -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';\" $dbName"); system("mysql -u root --password='MYROOTPASSWORD' -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';\" $dbName"); print " updated if no errors were printed.\n"; } }
Here’s the version for Plesk:
#!/usr/bin/perl use strict; print "Running 'udpatedb' to refresh file name cache; this may take a while.\n"; system("updatedb"); print "Complete.\n\n"; my @configfiles = `locate -r 'wp-config.php\$'|sort|uniq`; my $dbName; my $dbPrefix; my $debug = '0'; chomp @configfiles; foreach my $file (@configfiles) { if ($debug) { print "Opening $file\n"; } # set if db name and prefix are found my $dbFound = '0'; my $prefixFound = '0'; # read config file open(FP,"$file"); my @config = <FP>; close(FP); # parse config looking for database name & prefix foreach my $line (@config) { chomp $line; if ( $line =~ /^define\('DB_NAME'.*'(.*)'\);/ ) { $dbName = $1; $dbFound = '1'; if ($debug) { print "Found DB_NAME $dbName in $file\n"; } } if ($line =~ /^\$table_prefix.+'(.*)';/) { $dbPrefix = $1; $prefixFound = '1'; if ($debug) { print "Found table_prefix $dbPrefix in $file\n"; } } } if ($dbFound && $prefixFound) { print "Database $dbName with prefix $dbPrefix..."; } else { print "DB name & prefix not found in $file\n"; } if ($dbFound && $prefixFound) { system("mysql -u admin --password=`cat /etc/psa/.psa.shadow` -e \"UPDATE ${dbPrefix}options SET option_value = 'closed' WHERE option_name = 'default_ping_status';\" $dbName"); system("mysql -u admin --password=`cat /etc/psa/.psa.shadow` -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';\" $dbName"); system("mysql -u admin --password=`cat /etc/psa/.psa.shadow` -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';\" $dbName"); print " updated if no errors were printed.\n"; } }