WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Denial of Service on Full Disclosure 2.8.4 (7 posts)

  1. zonknz
    Member
    Posted 4 years ago #

    Hi- is anyone aware of a fix, or workaround to prevent the following DoS attack?

    http://seclists.org/fulldisclosure/2009/Oct/263

  2. ClaytonJames
    Member
    Posted 4 years ago #

    Possible information relative to your inquiry. I have seen several different sources on this. You know how that goes. Interesting Information none the less.

    http://wordpress.org/support/topic/322685?replies=2

  3. zonknz
    Member
    Posted 4 years ago #

    Thanks, useful to note they have a fix to limit the length of a trackback, rather than just disabling access to wp-trackback.php

  4. Glenn Ansley
    Member
    Posted 4 years ago #

    Hi,
    We created a quick plugin that self hosted WordPress users may install to prevent the attack from taking place on their site.

    You can find it here: http://fullthrottledevelopment.com/wordpress-plugin-to-stop-trackback-dos-attacks

  5. MichaelH
    Member
    Posted 4 years ago #

    Version 2.8.5 will be released within 24 hours and will have a fix for this.

    Information is available at http://lists.automattic.com/pipermail/wp-testers/2009-October/011937.html <--also has link to download 2.8.5 beta

  6. zonknz
    Member
    Posted 4 years ago #

    Thanks- i've seen this is available and run it through our testing blog all looks good.

    This was useful to force our production blog to re-check for an update :

    http://webdesign.anmari.com/force-upgrade-check/

  7. MichaelH
    Member
    Posted 4 years ago #

    zonknz - also see Core Control as it too checks for core, plugins, and theme, upgrades.

    http://wordpress.org/extend/plugins/core-control/

    Oh, and 2.8.5 is now available.

Topic Closed

This topic has been closed to new replies.

About this Topic