Early in 2018, Barak Tawily published a possible DoS attack for WordPress that basically works by requesting all possible scripts from /wp-admin/load-scripts.php, a script that fetches and concatenates JavaScript files — there’s also a load-styles.php file that does the same for styles. His vulnerability report was rejected by the WordPress team, on the account… Continue reading Mitigating CVE-2018-6389 WordPress DoS attack with lighttpd
Tag: lighttpd
Un-breaking lighttpd’s broken mod_access
A client let us know that the server where her company’s site was hosted had an unusually high load. After checking the access log for the web server, it was clear that the cause was repeated access attempts at a single URL, which was not essential to the site. So I thought this should be… Continue reading Un-breaking lighttpd’s broken mod_access
Why and how to implement a canonical domain name
It is quite common for a client to have registered more than one domain name for their website, and also to want the site to be accessible through any of those domains… however, making the same content available through different URLs is not a good idea, but rather… Continue reading Why and how to implement a canonical domain name