Pingback blocked by Firewall: what can I do about it?
If you see a firewall block in your Audit Trail, for example:
\r\n\r\n pingback.ping\r\n \r\n \r\n .............. \r\n \r\n
... this could be a WordPress pingback D/DoS attack, and Shield's firewall blocked it.
A pingback is a way of one site (site A) telling another (site B) that it has linked to their content.
Note that XMLRPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of.
When WordPress receives a pingback, it makes a request back to the source page to check that the link is actually there. Attackers can use this mechanism to specify a genuine link on a WordPress site and an intended victim, which will trigger an HTTP request to the victim's site. You can think of this as a kind of HTTP Reflection attack, in that the attacker can send a relatively small request to an XMLRPC endpoint that supports pingbacks, and trigger a much larger amount of effort and response on the victim's server.
There is no WordPress plugin that can honestly state that it can mitigate a D/DoS attack.
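As an added example (not part of the original article and not Shield's own code), the Python below reviews captured XML-RPC request bodies and reports which hosts your WordPress site was repeatedly asked to fetch through pingback.ping. The hostnames, sample bodies, function names and the threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit


def parse_pingback(body):
    """Return (source_uri, target_uri) for a pingback.ping call, else None."""
    # Refuse DTDs and entities so a hostile body cannot trigger entity expansion.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or method != "pingback.ping":
        return None
    # Pingback 1.0 passes two string params: sourceURI, then targetURI.
    values = root.findall("./params/param/value")
    uris = [(v.findtext("string") or v.text or "").strip() for v in values]
    return (uris[0], uris[1]) if len(uris) == 2 and all(uris) else None


def reflected_hosts(bodies, threshold=3):
    """Hosts this site was asked to fetch at least `threshold` times."""
    hosts = Counter()
    for ping in filter(None, map(parse_pingback, bodies)):
        try:
            host = urlsplit(ping[0]).hostname  # sourceURI is what WordPress fetches
        except ValueError:
            continue
        if host:
            hosts[host] += 1
    return {h: n for h, n in hosts.items() if n >= threshold}


# Constructed sample bodies (hosts are placeholders, not from the article).
_PING = ("<methodCall><methodName>pingback.ping</methodName><params>"
         "<param><value><string>{src}</string></value></param>"
         "<param><value><string>{dst}</string></value></param>"
         "</params></methodCall>")
POST = "http://blog.example/hello-world/"
SAMPLE_BODIES = [_PING.format(src="http://victim.example/", dst=POST)] * 4 + [
    _PING.format(src="http://friend.example/post-1", dst=POST),
    "<methodCall><methodName>system.listMethods</methodName><params/></methodCall>",
    "<!DOCTYPE x [<!ENTITY a 'b'>]><methodCall/>",
    "not xml",
]
```

A host that appears many times as the pingback source, while the target is always one of your own posts, is the pattern described above: your site is being asked to send requests to someone else's server.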
Perhaps the best place to stop such an attack is before the requests even reach your server. And for this, we recommend that every site you manage is run through CloudFlare.
We also recommend reading:
- WordPress XML-RPC – why and how to block attacks
- What’s the #1 thing I can do for my domain? (video)