[wp-hackers] New Security Vulnerability?
David Chait
davebytes at comcast.net
Thu Mar 9 19:31:01 GMT 2006
Steve, you mind posting that as a reply on the sf website?
Also, seriously, isn't pretty much every script on every website is
susceptible to some form, better or worse, of DoS attack? Is there anything
unique to WP here? Wouldn't ANY hacker script that quickly, repeatedly
opens up near-unlimited sockets to a website be a "DoS attack"? Aside from
the particular 'mechanics' of registering a user, why is this any 'more' of
a DoS than anything else?
And I assume since mod_security can filter this, that any adaptive
hardware/anti-DoS firewall should pick up on a single IP trying to open
hundreds/thousands of connections to a particular box, right?
While we're at it, why is DoS being called a 'security vulnerability'? It's
a service, uptime vulnerability -- totally different class of issues, and
not one the average joe should ever have to worry about (frankly, if someone
wants to launch a DoS attack on an average joe's site, there isn't a single
thing average joe can do about it -- it's up to the OS, drivers, hardware,
firewalls, sysadmins, NOCs, etc. Or at least that's my view of the world.
-d
----- Original Message -----
From: "steve caturan" <scaturan at negimaki.com>
To: <wp-hackers at lists.automattic.com>
Sent: Thursday, March 09, 2006 1:35 PM
Subject: Re: [wp-hackers] New Security Vulnerability?
| thanks for the heads up. now I have a mod_security ruleset for it.
|
| SecFilterSelective
| "THE_REQUEST" "wp-register.php"
| "id:1004,deny,log,status:412"
| #SecFilterRemove 1004
|
|
|
| Joey B wrote:
| > Someone in IRC came in and asked about this link:
| >
| > http://www.securityfocus.com/archive/1/427152/30/0/threaded
| >
| > Figured I'd post it here since I haven't seen anyone else do so yet.
| >
| > --
| > Joey Brooks
| > Milk Carton Designs || milkcartondesigns.com
| > _______________________________________________
| > wp-hackers mailing list
| > wp-hackers at lists.automattic.com
| > http://lists.automattic.com/mailman/listinfo/wp-hackers
| >
| >
| >
|
|
| _______________________________________________
| wp-hackers mailing list
| wp-hackers at lists.automattic.com
| http://lists.automattic.com/mailman/listinfo/wp-hackers
|
More information about the wp-hackers
mailing list