So for much of today Qntra was offline. The reason was that on its 13th day of life Qntra became popular enough to suffer denial of service attacks. For the record this blog was on the front page of Slashdot 3 times, 4 if you count the front page of beta, and manages to abide on shared hosting.
The weapon used to carry out the Denial of Service attack is a familiar one to people in the Bitcoin space: WordPress blogs running default settings. In spite of this WordPress flaw being used back in March in a large attack, Matt Mullenweg and his team don't... want... to patch... the giant hole that turns WordPress's default installation into a weapon. Ostensibly the reason to not patch defaults is to avoid breaking compatibility with plugins that might depend on the functionality offered by leaving WordPress open to be abused by default.
As bad as the Bash shell behavior was, giving attackers a shell on your server... This WordPress XMLRPC Pingback hole is just as bad to your fellow internet residents. Sure Shell Shock was worse for you since it offered a shell on your machine, but to your friendly Internet neighbors the WordPress bullshit is just as bad. And much like WordPress there were Bash scripts that had been functional since 1992 which no longer work on patched versions of Bash.
Sure there are actually people who manage to patch their WordPress installs to avoid their sites becoming tools used to nuisance others. On the other hand WordPress is extremely popular among the crowd that can't or won't patch their blogs, because WordPress is easy and its defaults seem sane. Everything should point to breaking backward compatibility for a few motherfuckers to patch this hole. You know... put the onus on people making plugins to make things that don't depend on WordPress functioning as a Denial of Service cannon for any passerby to abuse.
Here's what WordPress's default setup allows to happen to other sites:
I can not rightly comprehend the confusion of ideas that leads Matt to choose the worst of all options as WordPress's default. Still, Qntra lives stronger than ever.
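For anyone on the receiving end of this, the pingback traffic is at least easy to pick out of an access log. The following is an added example, not code from this post or from WordPress: it assumes the web server writes the combined log format and relies on the User-Agent WordPress sends when it fetches a pingback source URL. The sample lines, addresses and domains are constructed.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# User-Agent of a WordPress pingback fetch, e.g.
#   WordPress/3.9.2; http://blog.example; verifying pingback from 198.51.100.9
# Older releases omit the "verifying pingback from" suffix.
WP_UA_RE = re.compile(
    r'^WordPress/(?P<ver>[\d.]+); (?P<site>https?://[^;\s]+)'
    r'(?:; verifying pingback from (?P<origin>\S+))?$'
)

def pingback_hits(lines):
    """Yield (client_ip, reflecting_site, origin_or_None) for each pingback fetch."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined log format; skip rather than guess
        ua = WP_UA_RE.match(m.group("ua"))
        if ua:
            yield m.group("ip"), ua.group("site"), ua.group("origin")

def summarize(lines):
    """Count pingback fetches per reflecting blog and per reported origin address."""
    sites, origins = Counter(), Counter()
    for _ip, site, origin in pingback_hits(lines):
        sites[site] += 1
        if origin:  # address that asked the blog to send the pingback
            origins[origin] += 1
    return sites, origins

# Constructed sample lines (documentation address ranges, example domains).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /?r=481 HTTP/1.0" 200 5120 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 198.51.100.9"',
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /?r=482 HTTP/1.0" 200 5120 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 198.51.100.9"',
    '192.0.2.44 - - [01/Jan/2000:10:00:02 +0000] "GET /?r=77 HTTP/1.0" 200 5120 "-" "WordPress/3.5.1; http://blog-b.example"',
    '203.0.113.5 - - [01/Jan/2000:10:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    sites, origins = summarize(SAMPLE)
    print("reflecting blogs:", sites.most_common())
    print("reported origins:", origins.most_common())
```

The per-site counts give a list of blog owners to notify, and the per-origin counts show which addresses are instructing those blogs to send the requests.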
Don't know what hornet's nest was poked recently, but both qntra and trilema are suffering long downtimes each day since this article was published.
Well, before this was published. Since they've just continued.