[wp-hackers] RE: wp-hackers Digest, Vol 14,
Issue 6 - DdoS and Wordpress
nimrod
nimrod at kung-foo.de
Fri Mar 3 12:32:09 GMT 2006
gentlemen,
denial of service attacks or distributed ones have different methods but DO
NOT aim a software blog (like wordpress).
a software blog is not responsible for a thing which most expensive hardware
firewalls cant handle (we are talking about a difference of 5 osi layers).
so i totally stick with the answer of mr deaton.
regards,
nimrod
> On 3/3/06, Roy Schestowitz <r at schestowitz.com> wrote:
> People could start a commotion over other aspects which are consiered
> more serious 'vulnerabilities'. Users could argue about serious
> matters like the reluctance to lock WordPress after a particular
> number of failed logins
> (still?) or the disclusion of 'out of the box' DDOS attack protection.
> On Fri, 3 Mar 2006 Robert Deaton <false.hopes at gmail.com> wrote in
response:
> DDOS protection comes at a level much earlier than WordPress, and in order
> for WordPress itself to know that it may be coming under DDOS, WordPress
> has to store additional data in the database or on the filesystem. Each
write
> is more harmful than the last, and really trying to stop DDOS attacks is
opening yourself up to more.
> DDOS at this level is targetting the hardware and the underlying
components
> of a website, the HTTP server, the network stack, the bandwidth limits of
your PCI buses, not the
> software, and anyone who argues that WordPress needs builtin DDOS
protection is a fool imho.
More information about the wp-hackers
mailing list