WordPress.org

Exploit/dos against latest version 2.8.4 (4 posts)

  1. nux
    Member
    Posted 4 years ago #

    I'm using the latest version of WordPress and was able to DoS my server up to >45 load averages with it.

    It seems to be an issue in wp-trackback.php

    I made a quick blog post about it, and included a temporary workaround at:
    http://www.stevefortuna.com/new-0-day-wordpress-exploit/

    Update: I posted a quick little fix and tested it for this DoS.

  2. MichaelH
    Member
    Posted 4 years ago #

    Please email security@wordpress.org with that info.

  3. Glenn Ansley
    Member
    Posted 4 years ago #

    We created a quick plugin that self-hosted WordPress users may install to prevent the attack from taking place on their site.

    You can find it here: http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks

  4. MichaelH
    Member
    Posted 4 years ago #

    Version 2.8.5 will be released within 24 hours and will have a fix for this.

    Information is available at http://lists.automattic.com/pipermail/wp-testers/2009-October/011937.html (also has a link to download the 2.8.5 beta)

Topic Closed

This topic has been closed to new replies.
