<<< Date Index >>>     <<< Thread Index >>>

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit



afaik, there is no hardcoded workaround other than disable anonymous 
registration, using .htaccess/httpd.conf restrictions, or removing 
wp-register.php 

for the time being, if you're using mod_security, you can block it using 
something like this:

SecFilterSelective "THE_REQUEST" "wp-register.php" "id:1004,deny,log,status:412"

more info. at http://www.modsecurity.org/