[wp-testers] WordPress 2.0.1 Remote DoS Exploit?

Owen Winkler ringmaster at midnightcircus.com
Fri Mar 10 17:03:58 GMT 2006


Dougal Campbell wrote:
> As others have already pointed out, rate-limiting registrations by IP 
> number won't help when attackers switch to a distributed attack. And 
> besides, not many sites really *need* to have open registration. For 
> those that do, protection can be added by plugins using the 
> user_register API hook. I wonder if the Akismet plugin could even be 
> brought into play here? That might be an interesting extension.

I think user_register happens after a registration is committed to the 
database.  Minor point, but there isn't a nice, clean hook for generic 
registration filtering.


steve caturan wrote:
> I think a plugin to enable/disable Captcha for wp-register.php would be 
> a good deterrent. Is that feasible or will that require a major tweak in 
> core?

It would not take a major tweak in the core, but a couple of better 
placed hooks would make it easier.

Owen



