Plugin causes self inflicted DOS ATTACK!

  • Resolved Oclair

    (@oclair)


    5 years, 5 months ago

    Woocommerce knows neither how their users use their software, nor the sloppily designed, resource wasteful platform wordpress revealing this by this beta plugin.

    This plugin will never be useable, admins for sites have multiple browser tabs open and that completely knocks out the store with a denial of service effect. Just imagine a few admins logged in at the same time with multiple tabs open?

    #facepalm
    Have a nice day!
    OC

Viewing 8 replies - 1 through 8 (of 8 total)

  • Thanks for bringing this up, @oclair! This was exactly what happened to us this morning (all morning!) and our hosts over at Flywheel did an awesome job (as always!) figuring it out.

    Though WooCommerce Admin hasn’t reach version 1.0 yet at the time of this post, I couldn’t resist installing it, so I just learned that lesson again, alas, of the risks to using pre-1.0/beta software rather than waiting till it’s officially ready.

    “Self-inflicted DDoS/DOS” – that’s exactly what it was!

    Thread Starter Oclair

    (@oclair)

    Wordpress simply has too much crap that loads with every single insignificant request. Web cron, rebuilding image previews total garbage stuff that should be simply thrown into an orderly crontab never to think about again. So every time that lovely and I agree lovely admin interface shoots over a dozen requests to populate bam the site is locked up.

    You would think woocommerce would first release a code cleanup for the core wordpress before making such demands on it…

    I had the same experience. My CPU load went to the skies, so I though I was experiencing an attack. After tailing access log, I discovered the IP “attacking” my server was my own: I forgot to close my woocommerce administation. After closing this one tab, loads went back to normal.

    Yes! This is a major issue and need to be fixed! Unbelievably bad bug, just look at my logs, this isn’t even 1 full second!!

    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=7899&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=7899&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=7899&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8020&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=7899&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”
    [07/Jun/2019:18:06:22 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “https://*****.com/wp-admin/post.php?post=8006&action=edit” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15”

    Plugin Author Albert Juhé Lluveras

    (@aljullu)

    @oclair @calebweeks @gresakg @nikonratm thanks for the report. Some other users reported similar issues, and we are tracking it here:

    https://github.com/woocommerce/woocommerce-admin/issues/2365

    Feel free to participate in the GitHub issue or leave any other details you think might be relevant.

    Plugin Author Albert Juhé Lluveras

    (@aljullu)

    @oclair @calebweeks @gresakg @nikonratm updating to the last version of WooCommerce Admin (0.13.1), which was released today, should fix this issue.

    I will proceed marking this thread as resolved. Please, feel free to reopen it if you can still reproduce the bug.

    Thread Starter Oclair

    (@oclair)

    clearly the team re-wrote the real world wordpress core to handle their other world ambitions #holdononesecmyimagepreviewsarebeingrefreshed

    • This reply was modified 5 years, 5 months ago by Oclair.

    Thanks for update, @aljullu! Will report back if we have any issues. ????

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Plugin causes self inflicted DOS ATTACK!’ is closed to new replies.