[wp-testers] WordPress 2.0.1 Remote DoS Exploit?
Dougal Campbell
dougal at gunters.org
Thu Mar 9 18:54:42 GMT 2006
Tyson Tate wrote:
> From the IRC channel, jharrisonwk reports that there's a (mostly)
> working remote DoS exploit for WP 2.0.1.
>
> http://www.securityfocus.com/archive/1/427152/30/0/threaded
>
> Can anyone confirm? I'm having trouble reading through all the l33t-sp3ak.
Wow, that's lame. I'm not saying it's not *annoying*, but it's a
weak-ass excuse for an "exploit".
All the script does is perform a huge number of bogus user
registrations. Eventually, this will probably cause the disk that holds
your database files to fill up, which will cause various sorts of system
problems, depending on your server's setup.
So, now I suppose I need to update my SpamValve system to watch for user
registrations, and automatically firewall servers that attempt multiple
reg attempts. *sigh*
--
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
More information about the wp-testers
mailing list