News Archives - Lilith Studio

SETTIMA PORTA

In March 2014, Akamai published a report about a widely seen exploit involving Pingback that targets vulnerable WordPress sites. This exploit led to massive abuse of legitimate blogs and websites and turned them into unwilling participants in a DDoS attack.^[2] Details about this vulnerability have been publicized since 2012.^[3]

The pingback attacks consist of “reflection” and “amplification”: an attacker sends a pingback to a legitimate Blog A, but providing information of the legitimate Blog B (impersonation).^[4] Then, Blog A needs to check Blog B for the existence of the informed link, as it’s how the pingback protocol works, and thus it downloads the page off Blog B server’s, causing a reflection.^[4] If the target page is big, this amplifies the attack, because a small request sent to Blog A causes it to make a big request to Blog B.^[4] This can lead to 10x, 20x, and even bigger amplifications (DoS).^[4] It’s even possible to use multiple reflectors, to prevent exhausting each of them, and use the combined amplification power of each to exhaust the target Blog B, being by overloading bandwidth or the server CPU (DDoS).^[4]

WordPress changed a bit how the pingback feature works to mitigate this kind of vulnerability: the IP address that originated the pingback (the attacker address) started being recorded, and thus shown in the log. Notwithstanding, in 2016, pingback attacks continued to exist, supposedly because the website owners don’t check the user agent logs, that have the real IP addresses. It has to be noted that, if the attacker is more than a script kiddie, he will know how to prevent his IP address being recorded, by, for example, sending the request from another machine/site, so that this machine/site IP address is recorded instead, and the IP logging then, becomes less worthy.^[6] Thus, it’s still recommended to disable the pingbacks, to prevent attacking other sites (although this does not prevent being target of attacks).^[5]

March 24, 2020/by Lilith Studio

News

A nice entry

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim.

August 24, 2014/0 Comments/by Lilith Studio

News, Personal

Entry with Audio

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer.

Donec posuere vulputate arcu.
Phasellus accumsan cursus velit.
Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae;
Sed aliquam, nisi quis porttitor congue

May 11, 2014/0 Comments/by Lilith Studio

News

Lorem ipsum

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim.
Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu.
In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo.

Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus.

February 12, 2014/0 Comments/by Lilith Studio

News, Personal

A small gallery

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim.
Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu.
In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo.
Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi.

Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim.

January 24, 2013/0 Comments/by Lilith Studio

News

This is a post with post type “Link”

Entries with this post type link to a different page with their headline. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor.

August 24, 2012/0 Comments/by Lilith Studio

News

A nice post

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim.

May 24, 2012/0 Comments/by Lilith Studio

News

This is a post with post format of type Link

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus.

January 17, 2012/0 Comments/by Lilith Studio

Frontpage Article, News

This is a standard post format with preview Picture

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus.

Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi.

January 14, 2012/0 Comments/by Lilith Studio

News

This is my first post

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim.

October 30, 2011/0 Comments/by Lilith Studio