WordPress 2.0.1 Remote DoS Exploit.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Yes.
    This has already been flagged to the hackers list.

    The above tries some sort of repeated registration.
    If you do not allow people to register, delete the file ‘wp-register.php’
    That will sort you out.

    If you have mod_security and know what this means, use it:
    SecFilterSelective
    "THE_REQUEST" "wp-register.php"
    "id:1004,deny,log,status:412"
    #SecFilterRemove 1004

    Further advice will follow.

    But the sky isn’t falling, no-one need panic and the right people will sort this.

    Thread Starter klutz

    (@klutz)

    podz many thanks for prompt reply and your time.

    Could you clarify if using mod-security method will allow legitimate registeration requests?

    >the right people will sort this.
    Never doubted ??

    I don’t know.
    Right now I would stop registrations if I had them active on my blog, but I don’t know if that is the actual answer that Matt & Co. will give.

    Thread Starter klutz

    (@klutz)

    >I would stop registrations if I had them active
    Will do that. Thanks again for your time.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WordPress 2.0.1 Remote DoS Exploit.’ is closed to new replies.

Tags