New exploit might be out. I got about 200 trackback pings in a couple of hours this morning. None pointed to a website (url's of the form www.asd;lfkjasd;flkj.com and the like). I've removed the mt-tb.cgi file for the time being (and mt-xmlrpc.cgi) I think one of them is the appropriate one to remove to mass prevent trackback pings on old and new entries.

There are several threads going on this already, in several different strings. Check out Bug reports.

There are several fixes for this.

I didn't see any threads on that subject. Link?

Here
and
Here

are two. I saw a few more, I think. PM me if those aren't enough.

those are nice, but they are referring to comments. I'm talking about trackback ping flooding. I found a few comments on the subect at musings. It applies a similar throttling mechanism to pings as 2.66? applies to comments.

The ideal solution would check the url and make sure it resolves to the IP of the pinging computer. Sure, that would break a few things here and there, but would be ideal for the majority of users.

The comment and trackback flooding are essentially the same idea. The fixes listed for one, generally work for the other. I've found a combination of the code on musings and blacklist work so far.