It’s possible to get WordPress to help you with a reflective DDoS attack using the pingback feature. For additional info, see https://isc.sans.edu/forums/diary/Wordpress+Pingback+DDoS+Attacks/17801/
In any case, here’s a quick perl script to disable it for all wordpress sites on a server (assuming they haven’t been hacked to re-name the default wp-config.php file). You’ll need to put your mysql root password into it (so delete it after using). If you use the Plesk control panel, a second version is further down which will not require the password being stored in the file.
#!/usr/bin/perl
use strict;
print "Running 'udpatedb' to refresh file name cache; this may take a while.\n";
system("updatedb");
print "Complete.\n\n";
my @configfiles = `locate -r 'wp-config.php\$'|sort|uniq`;
my $dbName;
my $dbPrefix;
my $debug = '0';
chomp @configfiles;
foreach my $file (@configfiles) {
if ($debug) { print "Opening $file\n"; }
# set if db name and prefix are found
my $dbFound = '0';
my $prefixFound = '0';
# read config file
open(FP,"$file");
my @config = <FP>;
close(FP);
# parse config looking for database name & prefix
foreach my $line (@config) {
chomp $line;
if ( $line =~ /^define\('DB_NAME'.*'(.*)'\);/ ) {
$dbName = $1;
$dbFound = '1';
if ($debug) { print "Found DB_NAME $dbName in $file\n"; }
}
if ($line =~ /^\$table_prefix.+'(.*)';/) {
$dbPrefix = $1;
$prefixFound = '1';
if ($debug) { print "Found table_prefix $dbPrefix in $file\n"; }
}
}
if ($dbFound && $prefixFound) {
print "Database $dbName with prefix $dbPrefix...";
} else {
print "DB name & prefix not found in $file\n";
}
if ($dbFound && $prefixFound) {
system("mysql -u root --password='MYROOTPASSWORD' -e \"UPDATE ${dbPrefix}options SET option_value = 'closed' WHERE option_name = 'default_ping_status';\" $dbName");
system("mysql -u root --password='MYROOTPASSWORD' -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';\" $dbName");
system("mysql -u root --password='MYROOTPASSWORD' -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';\" $dbName");
print " updated if no errors were printed.\n";
}
}
Here’s the version for Plesk:
#!/usr/bin/perl
use strict;
print "Running 'udpatedb' to refresh file name cache; this may take a while.\n";
system("updatedb");
print "Complete.\n\n";
my @configfiles = `locate -r 'wp-config.php\$'|sort|uniq`;
my $dbName;
my $dbPrefix;
my $debug = '0';
chomp @configfiles;
foreach my $file (@configfiles) {
if ($debug) { print "Opening $file\n"; }
# set if db name and prefix are found
my $dbFound = '0';
my $prefixFound = '0';
# read config file
open(FP,"$file");
my @config = <FP>;
close(FP);
# parse config looking for database name & prefix
foreach my $line (@config) {
chomp $line;
if ( $line =~ /^define\('DB_NAME'.*'(.*)'\);/ ) {
$dbName = $1;
$dbFound = '1';
if ($debug) { print "Found DB_NAME $dbName in $file\n"; }
}
if ($line =~ /^\$table_prefix.+'(.*)';/) {
$dbPrefix = $1;
$prefixFound = '1';
if ($debug) { print "Found table_prefix $dbPrefix in $file\n"; }
}
}
if ($dbFound && $prefixFound) {
print "Database $dbName with prefix $dbPrefix...";
} else {
print "DB name & prefix not found in $file\n";
}
if ($dbFound && $prefixFound) {
system("mysql -u admin --password=`cat /etc/psa/.psa.shadow` -e \"UPDATE ${dbPrefix}options SET option_value = 'closed' WHERE option_name = 'default_ping_status';\" $dbName");
system("mysql -u admin --password=`cat /etc/psa/.psa.shadow` -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';\" $dbName");
system("mysql -u admin --password=`cat /etc/psa/.psa.shadow` -e \"UPDATE ${dbPrefix}posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';\" $dbName");
print " updated if no errors were printed.\n";
}
}