[wp-testers] WordPress 2.0.1 Remote DoS Exploit?
Owen Winkler
ringmaster at midnightcircus.com
Fri Mar 10 17:03:58 GMT 2006
Dougal Campbell wrote:
> As others have already pointed out, rate-limiting registrations by IP
> number won't help when attackers switch to a distributed attack. And
> besides, not many sites really *need* to have open registration. For
> those that do, protection can be adding by plugins using the
> user_register API hook. I wonder if the Akismet plugin could even be
> brought into play here? That might be an interesting extension.
I think user_register happens after a registration is committed to the
database. Minor point, but there isn't a nice, clean hook for generic
registration filtering.
steve caturan wrote:
> i think a plugin to enable/disable Captcha for wp-register.php would be
> a good deterrent. is that feasible or will that require a major tweak in
> core?
It would not take a major tweak in the core, but a couple of better
placed hooks would make it easier.
Owen
More information about the wp-testers
mailing list