[wp-hackers] RE: wp-hackers Digest, Vol 14, Issue 6 - DdoS and Wordpress

nimrod nimrod at kung-foo.de
Fri Mar 3 12:32:09 GMT 2006


gentlemen,

denial of service attacks or distributed ones have different methods but DO
NOT aim a software blog (like wordpress).
a software blog is not responsible for a thing which most expensive hardware
firewalls cant handle (we are talking about a difference of 5 osi layers).
so i totally stick with the answer of mr deaton. 

regards,

nimrod

> On 3/3/06, Roy Schestowitz <r at schestowitz.com> wrote:

> People could start a commotion over other aspects which are consiered 
> more serious 'vulnerabilities'. Users could argue about serious 
> matters like the reluctance to lock WordPress after a particular 
> number of failed logins
> (still?) or the disclusion of 'out of the box' DDOS attack protection.

> On Fri, 3 Mar 2006 Robert Deaton <false.hopes at gmail.com> wrote in
response:

> DDOS protection comes at a level much earlier than WordPress, and in order

> for WordPress itself to know that it may be coming under DDOS, WordPress 
> has to store additional data in the database or on the filesystem. Each
write 
> is more harmful than the last, and really trying to stop DDOS attacks is
opening yourself up to more.

> DDOS at this level is targetting the hardware and the underlying
components 
> of a website, the HTTP server, the network stack, the bandwidth limits of
your PCI buses, not the 
> software, and anyone who argues that WordPress needs builtin DDOS
protection is a fool imho.




More information about the wp-hackers mailing list