• Resolved Crazy-Jake (@crazy-jake)


    The short version: a trivial Denial of Service issue has been reported to WordPress and they do not intend to provide a patch or change to address the issue. A forked version of WordPress exists to address this (not recommended), as does a change to load-scripts.php that would mitigate the problem.

    My Question: Will Wordfence be deploying an automatic mitigation in the form of this change to load-scripts.php, or should we be running this ourselves if we have shell access to our hosts?

    Source: https://thehackernews.com/2018/02/wordpress-dos-exploit.html


Viewing 6 replies - 1 through 6 (of 6 total)
  • I’d like to know this too!

    Wordfence would never ever modify or patch WordPress core. Regarding the WordPress behavior referenced here, the Wordfence rate limiting prevents any abuse that could lead to website server overload and a resulting successful DoS attack.

    Set up your rate limiting in Wordfence, and you’re good.

    It would be nice to see WordPress take care of this sort of thing, but they seem to be more concerned about keeping the Hello Dolly plugin working well.

    MTN

    “…they seem to be more concerned about keeping the Hello Dolly plugin working well.”

    LOL

    Hi,
    The recent “DoS flaw” in WordPress core, designated as CVE-2018-6389, does not have enough data associated with it to indicate that it is a new threat. The attack relies on making multiple HTTP requests to a WordPress endpoint that is designed to generate some load. The load that the target PHP script generates does not appear to be orders of magnitude more than other WordPress core PHP scripts.

    The web allows unauthenticated HTTP requests from client to server in order to provide its basic function. If an attacker sends enough HTTP requests to any website, they will DoS that website. In this case, the report is simply an attacker overwhelming a low-resource website with a large number of requests. The endpoint doesn’t seem relevant.

    Therefore we are considering this a non-issue and would class this attack with other DoS and DDoS style attacks.

    Wordfence continuously monitors attack patterns on the web. If we determine that an IP or set of IP addresses is engaging in malicious activity, we will block those attackers from making any request to your website. We will continue to monitor this situation and, where we deem necessary, we will block malicious actors.

    Thanks.

    @wfalaa – nice answer. I’m going to link to it for a client. Also, I’m adding a further clarification.

    This means Wordfence will block (and prevent) this activity *if you set it up to do so* – the endpoint does not matter. If you limit requests per IP you’ll be able to block this out using Wordfence.

    Yes, with Wordfence you can limit requests per IP in a number of different ways, though remember, the IP can still hit your server, receive a blocking or error message, and thus still use resources. But unless you are specifically targeted for a major DDoS effort, Wordfence has what you need.

    MTN
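The per-IP rate-limiting idea the replies above settle on can be checked against your own access logs. The following is an added example, not code from Wordfence or from anyone in this thread: it parses Common Log Format lines, counts requests to `/wp-admin/load-scripts.php` per client IP in a sliding window, and reports IPs that exceed a threshold (the endpoint path, the threshold of 10 requests per 60 seconds, and the log lines are all constructed assumptions).

```python
"""Flag IPs hammering load-scripts.php in Common Log Format access logs."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Client IP, bracketed timestamp, request line and status from a CLF entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, path) or None for lines that are not CLF."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['path']

def flag_load_scripts_bursts(lines, threshold=10, window_seconds=60,
                             endpoint='/wp-admin/load-scripts.php'):
    """Map each IP that exceeded `threshold` requests to `endpoint` within any
    `window_seconds` span to the peak request count observed in a window."""
    windows = defaultdict(deque)   # ip -> timestamps of recent endpoint hits
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # skip malformed or non-CLF lines
        ip, ts, path = parsed
        if not path.startswith(endpoint):
            continue                # only the endpoint under discussion
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()             # drop hits that fell out of the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def _log(ip, second, path, status=200):
    """Build one constructed CLF line (sample data, not a real log)."""
    return f'{ip} - - [20/Feb/2018:10:15:{second:02d} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample: one IP sends 15 load-scripts.php requests in 30 seconds,
# a second IP behaves like a normal admin session, plus one garbage line.
SAMPLE_LOG = (
    [_log('203.0.113.5', s, '/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,editor,media')
     for s in range(0, 30, 2)]
    + [_log('198.51.100.7', 5, '/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core'),
       _log('198.51.100.7', 8, '/'),
       _log('198.51.100.7', 40, '/wp-admin/load-scripts.php?c=0&load%5B%5D=utils'),
       'not a log line']
)

if __name__ == '__main__':
    print(flag_load_scripts_bursts(SAMPLE_LOG))   # {'203.0.113.5': 15}
```

The IPs this returns are exactly the ones a per-IP limiter like the Wordfence rate limiting would block; as MTN notes, log-level detection only sees requests that already reached the server, so the blocking itself has to happen in the firewall layer.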

  • The topic ‘Does Wordfence patch DoS Issue CVE-2018-6389 automatically?’ is closed to new replies.