There is a script knocking about on the internet at the moment that allows an attacker to run some code that will bring your Wordpress blog to it's knees. This will more than likely cause your host to get annoyed as well.
What it does it performs a trackback request to the file wp-trackback.php, but it sends a massive (over 200,000 characters) string that Wordpress will take at face value and accept as a legitimate trackback. The first time this is run Wordpress will write it to the database, but the every time after that it will run a select query to see if the trackback exists. Even though this isn't a legitimate trackback Wordpress will still process it on every request, causing a massive overhead as each large string is processed.
One solution is to simply stop access to the offending file by using an Apache rule in your .htaccess file to prevent all access to this file.
- Order allow,deny
- Deny from all
This might be a good solution if you don't care about trackbacks, but if you want them then there exists another fix that involves changing the wp-trackback.php file to exit if the charset if quite long. Open the file and look for line 47.
- $charset = $_POST['charset'];
- // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
Add the following lines:
This will stop any script kiddie from running the exploit script and killing your blog, but you might also want to add a check to make sure that the title variable isn't a stupid size as well. On line 56 (assuming you implemented the previous fix) add the following lines.
This assumes that the trackback's post won't be longer than characters. There might be some legitimate posts that do have titles this long, but it is my opinion that these are probably poor quality posts and so okay to ignore.
Many thanks to Steve Fortuna's post New 0-Day Wordpress Exploit for pointing out and providing a fix to this issue.
Wordpress released an update this morning (V2.8.5) to fix this and other exploits. As usual Wordpress are quick in releasing patches for fixing exploits and vulnerabilities.