Pingback

A pingback is one of four types of linkback methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software and content management systems, such as WordPress, Movable Type, Serendipity, and Telligent Community, support automatic pingbacks where all the links in a published article can be pinged when the article is published. Other content management systems, such as Drupal and Joomla, support pingbacks through the use of addons or extensions.

Essentially, a pingback is an XML-RPC request (not to be confused with an ICMP ping) sent from Site A to Site B, when an author of the blog at Site A writes a post that links to Site B. The request includes the URI of the linking page. When Site B receives the notification signal, it automatically goes back to Site A checking for the existence of a live incoming link. If that link exists, the pingback is recorded successfully. This makes pingbacks less prone to spam than trackbacks. Pingback-enabled resources must either use an X-Pingback header or contain a <link> element to the XML-RPC script.

Exploits

In March 2014, Akamai published a report about a widely seen exploit involving Pingback that targets vulnerable WordPress sites.[1] This exploit led to massive abuse of legitimate blogs and websites and turned them into unwilling participants in a DDoS attack.[2] Details about this vulnerability have been publicized since 2012.[3]

See also

References

  1. Brenner, Bill. "Anatomy of Wordpress XML-RPC Pingback Attacks". The Akamai Blog, March 31, 2014 5:42 AM. Retrieved July 7, 2014.
  2. Cid, Daniel. "More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack". Sucuri Blog, March 10, 2014. Retrieved July 7, 2014.
  3. Calin, Bogdan. "WordPress Pingback Vulnerability". Accunetix, December 17, 2012 - 01:17pm. Retrieved July 7, 2014.

External links


This article is issued from Wikipedia - version of the 12/8/2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.