[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki
- From: Wes <stararmy@xxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 6 Feb 2008 13:21:19 -0500
I noticed some of the requests are for the index, which is probably
one of the most work-intensive commands we can give our dokuwikis.
This goes with the buffer overrun/DOS theory.
-Wes
On Feb 6, 2008 1:15 PM, Jonathan Dill <jonathan@xxxxxxxxx> wrote:
> I plugged in some of the "search" strings at random to Google and there
> are thousands of reports of this type of activity, it does not appear to
> be targeted at dokuwiki, but any type of website. Some people have
> reported a Denial of Service with 20+ per second of this type of
> activity. I have not found a good explanation yet of what they appear
> to be trying to exploit.
>
> For dokuwiki, the most common thing that I would expect is a POST with
> some sort of spamming or defacement, not a GET. Offhand, I would guess
> it is some type attempt at Buffer Overrun (BO) but I don't know what the
> actual target is.
>
> Jonathan
>
> --
> DokuWiki mailing list - more info at
> http://wiki.splitbrain.org/wiki:mailinglist
>
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts:
