[wp-trac] Re: [WordPress Trac] #4137: Pingback Denial of Service possibility
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 4 15:26:53 GMT 2007
#4137: Pingback Denial of Service possibility
-------------------------------------------------------------------------+--
Reporter: foobarwp12 | Owner: pishmishy
Type: defect | Status: assigned
Priority: high | Milestone: 2.3 (trunk)
Component: Security | Version: 2.1.3
Severity: normal | Resolution:
Keywords: xmlrpc ddos possibility has-patch 2nd-opinion needs-testing |
-------------------------------------------------------------------------+--
Comment (by Otto42):

You may want to set the CURLOPT_RANGE parameter as well. On servers that
support it (HTTP 1.1, some FTP's), it will limit the server to only
returning the amount of data you want. On those that don't support it, it
won't have any effect.

I would also suggest setting CURLOPT_BUFFERSIZE (only for PHP5 and up) to
some value like 4096 or something. I think the default action of curl in
the way you're using it will simply retrieve the whole page and return it
to your read function as a single string, or as some really large buffer
or something.

Using a CURLOPT_TIMEOUT of some value, like 30-60 seconds, would also
limit the impact from this sort of thing.

Essentially, there's no certain way to make curl stop retrieving data. But
these would at least help.
--
Ticket URL: <http://trac.wordpress.org/ticket/4137#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
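
The three options suggested in the comment above, combined with a write callback that enforces a byte cap locally, as an added example that is not part of the original message or of WordPress itself. The function name `fetch_capped()`, the 64 KiB default cap and the returned array shape are assumptions made for illustration.

```php
<?php
// Added example, not WordPress code. fetch_capped(), the 64 KiB default cap
// and the shape of the returned array are assumptions made for illustration.
function fetch_capped(string $url, int $maxBytes = 65536, int $timeout = 30): array
{
    $body = '';
    $truncated = false;
    $ch = curl_init($url);
    if ($ch === false) {
        return ['ok' => false, 'body' => '', 'truncated' => false, 'error' => 'curl_init failed'];
    }
    curl_setopt_array($ch, [
        // Request only the first $maxBytes bytes. Servers without range
        // support ignore this and send the whole document.
        CURLOPT_RANGE => '0-' . ($maxBytes - 1),
        // Ask libcurl to deliver data in small chunks so the callback
        // below gets a chance to stop early.
        CURLOPT_BUFFERSIZE => 4096,
        // Upper bound, in seconds, on the whole transfer.
        CURLOPT_TIMEOUT => $timeout,
        // Enforce the cap locally: returning a count that differs from the
        // chunk length makes libcurl abort the transfer.
        CURLOPT_WRITEFUNCTION => function ($handle, string $chunk) use (&$body, &$truncated, $maxBytes): int {
            $room = $maxBytes - strlen($body);
            if (strlen($chunk) > $room) {
                $body .= substr($chunk, 0, $room);
                $truncated = true;
                return 0;
            }
            $body .= $chunk;
            return strlen($chunk);
        },
    ]);
    $ok = curl_exec($ch);
    // An abort from the callback is reported as CURLE_WRITE_ERROR; when we
    // caused it ourselves, the cap worked and the partial body is usable.
    $capped = $truncated && curl_errno($ch) === CURLE_WRITE_ERROR;
    $success = ($ok === true) || $capped;
    return ['ok' => $success, 'body' => $body, 'truncated' => $truncated, 'error' => $success ? null : curl_error($ch)];
}

// Command-line use: php fetch_capped.php <url>
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $r = fetch_capped($argv[1]);
    printf("ok=%s truncated=%s bytes=%d error=%s\n", var_export($r['ok'], true), var_export($r['truncated'], true), strlen($r['body']), $r['error'] ?? '-');
}
```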