WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] DOS attacks (2 posts)

  1. frisco
    Member
    Posted 1 year ago #

    You cover DOS attacks in the FAQ, but we're seeing more and more brute force attacks that become de facto DOS attacks. Since PHP is a single process per request language, each request locks the process for the duration of the script execution. Let's say a server has resources to handle 6 PHP processes. If those go to sleep because of LSS, there's no process for a legitimate visitor. The brute force attacker can throw enough requests in the queue that it's easy to trigger a timeout. We're now seeing this type of attack at least 1x per week.

    I think the code and support of LSS is great, but we've had to recently deactivate it because creating many sleeping processes ends up being worse than the problem of brute force attacks. Do you have any suggestions for working around the problem we're experiencing or is the scale/nature of the attacks we're seeing unusual? We'd love to use LSS, but we can't keep making more PHP processes to keep up with the bad guys.

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Frisco:

    You're right. Login Security Solution doesn't handle DDOS attacks and can be used as a vector to implement such attacks.

    Naturally, someone determined to DDOS a site will do it regardless of how many processes the server can run. The appropriate tools and procedures for dealing with them involve the server and networking layers.

    --Dan

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.