HTTP: WordPress Pingback Via Patsy Proxy
This signature detects WordPress Pingbacks sent through a "Patsy Proxy". The WordPress XML RPC system has a flaw that allows a Traffic Amplification Distributed Denial of Service (DDoS) attack by sending a "Pingback" to a WordPress-enabled site that allows XML RPC, which then forwards the attack to another site. The source IP address of this attack is the "Patsy Proxy" that has the Pingback functionality enabled and is being used to attack the destination IP address.
Short Name
HTTP:PHP:WP-XML-RPC-PINGBACK-PP
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Patsy Pingback Proxy Via WordPress
Release Date
07/23/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown