Bingology - BingoBoingo's Blog


Qntra Continues To Own

So for much of today Qntra was offline. The reason was that on its 13th day of life Qntra became popular enough to suffer denial of service attacks. For the record, this blog was on the front page of Slashdot 3 times (4 if you count the front page of beta) and manages to abide on shared hosting.

The weapon used to carry out the denial of service attack is a familiar one to people in the Bitcoin space: WordPress blogs running default settings. In spite of this WordPress flaw being used back in March in a large attack, Matt Mullenweg and his team don't... want... to patch... the giant hole that turns WordPress's default installation into a weapon. Ostensibly the reason not to patch the defaults is to avoid breaking compatibility with plugins that might depend on the functionality offered by leaving WordPress open to abuse by default.

As bad as the Bash shell behavior was, giving attackers a shell on your server... this WordPress XML-RPC pingback hole is just as bad for your fellow internet residents. Sure, Shellshock was worse for you since it offered a shell on your machine, but to your friendly Internet neighbors the WordPress bullshit is just as bad. And much as with WordPress, there were Bash scripts that had been functional since 1992 which no longer work on patched versions of Bash.

Sure, there are actually people who manage to patch their WordPress installs to avoid their sites becoming tools used to nuisance others. On the other hand, WordPress is extremely popular among the crowd that can't or won't patch their blogs, because WordPress is easy and its defaults seem sane. Everything should point to breaking backward compatibility for a few motherfuckers to patch this hole. You know... put the onus on people making plugins to make things that don't depend on WordPress functioning as a denial of service cannon for any passerby to abuse.

Here's what WordPress's default setup allows to happen to other sites:

[Image: James Bond getting a giant knot to his ballsack. Hurts? Y U DO THIS WORDPRESS?]

I cannot rightly comprehend the confusion of ideas that leads Matt to choose the worst of all options as WordPress's default. Still, Qntra lives stronger than ever.
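On the receiving end, this kind of traffic is identifiable because WordPress names itself and its blog URL in the User-Agent of its outbound fetches, and newer versions append the IP that requested the pingback. The following is an added example, not part of the original post: a Python tally over constructed access-log lines showing which blogs are reflecting requests. The combined log format, hostnames and IP addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [14/Oct/2014:10:00:01 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 203.0.113.9"
198.51.100.8 - - [14/Oct/2014:10:00:01 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/4.0; http://blog-b.example/wp; verifying pingback from 203.0.113.9"
198.51.100.7 - - [14/Oct/2014:10:00:02 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/3.9.2; http://blog-a.example; verifying pingback from 203.0.113.9"
192.0.2.44 - - [14/Oct/2014:10:00:02 +0000] "GET /feed/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [14/Oct/2014:10:00:03 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/3.5.1; http://blog-c.example"
"""

# Combined format: ip, ident, user, [time], "request", status, size, "referer", "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+ "[^"]*" "([^"]*)"$')
# User-Agent of WordPress outbound fetches; older versions omit the origin suffix.
UA_RE = re.compile(
    r'^WordPress/([\d.]+); (\S+?)(?:; verifying pingback from ([0-9a-fA-F:., ]+))?$')

def summarize_pingback_traffic(log_text):
    """Count requests per reflecting blog and per IP that triggered the pingbacks."""
    reflectors, origins, other = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        ua = UA_RE.match(m.group(3)) if m else None
        if not ua:
            other += 1  # browsers, feed readers, unparseable lines
            continue
        reflectors[ua.group(2)] += 1
        origins[ua.group(3) or "unknown"] += 1
    return {"reflectors": reflectors, "origins": origins, "other": other}

def is_wordpress_fetch(user_agent):
    """True for requests a front-end filter could drop during an attack.
    Trade-off: this also rejects legitimate pingback verification."""
    return UA_RE.match(user_agent) is not None

if __name__ == "__main__":
    report = summarize_pingback_traffic(SAMPLE_LOG)
    print("reflecting blogs:", report["reflectors"].most_common())
    print("pingback origins:", report["origins"].most_common())
    print("non-pingback requests:", report["other"])
```

The reflector list is what you would use to notify blog owners, and the origin count, where present, points at the host that asked the blogs to ping you.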

This entry was posted on Tuesday, October 14th, 2014 at 7:38 p.m. and is filed under Uncategorized.

2 Responses to “Qntra Continues To Own”

  1. thestringpuller says:
    October 18, 2014 at 10:53 a.m.

    Don't know what hornets' nest was poked recently, but both qntra and trilema are suffering long downtimes each day since this article was published.

  2. BingoBoingo says:
    October 18, 2014 at 6:41 p.m.

    Well, before this was published. Since they've just continued.
