[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
From: scaturan@xxxxxxxxxxxx
Date: 10 Mar 2006 03:29:10 -0000

afaik, there is no hardcoded workaround other than disable anonymous 
registration, using .htaccess/httpd.conf restrictions, or removing 
wp-register.php 

for the time being, if you're using mod_security, you can block it using 
something like this:

SecFilterSelective "THE_REQUEST" "wp-register.php" "id:1004,deny,log,status:412"

more info. at http://www.modsecurity.org/

Prev by Date: Re: recursive DNS servers DDoS as a growing DDoS problem
Next by Date: Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
Previous by thread: Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
Next by thread: Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
Index(es):
- Date
- Thread