Protection against the WordPress “large comment” security bug

Posted April 27th, 2015 in Tech Corner. Tags: , , .

The authors of WordPress today released version 4.2.1 that fixes a critical security bug.

While upgrading is always a good idea, we’ve blocked the attack for all versions of WordPress on all sites that we host. We’ve also verified using our MySQL binary logs that no sites were attacked before we started the blocking.

Can I see the mod_security rules?

Although our customers are fully protected, we’re often asked to share our mod_security rules when we post something like this. If you’re the technical person running a server for other people who use old versions of WordPress, something like this should stop the attacks:

SecRule REQUEST_LINE "^post .*/wp-comments-post\.php" "deny,auditlog,chain"
SecRule ARGS_POST:comment ".{65530}"

(You may want to add similar rules for other comment fields out of caution, too.)

  1. Recent Posts

    1. PHP versions 8.2.17 and 8.3.4
    2. President’s Day 2024 holiday hours
    3. PHP versions 8.1.27 and 8.2.15
    4. Martin Luther King, Jr. Day 2024 holiday hours
    5. New Year’s 2024 Holiday Hours
    6. Christmas 2023 Holiday Hours
    7. Brief scheduled maintenance December 16-17, 2023
    8. Thanksgiving 2023 Holiday Hours
    9. PHP versions 8.1.25 and 8.2.12
    10. PHP versions 8.1.24 and 8.2.11

  2. Categories

  3. Tags

    all servers email holiday hours linux mailman maintenance mod_security mysql network php phpmyadmin security server updates spam ssl status updates webmail wordpress zapp

  4. Feeds