The last key point: - using fail2ban it can be fixed in minutes (temporarily until dev team provides a permanent solution)
On 18 July 2013 11:02, Paul Bennett <[email protected]> wrote: > Just to keep things on topic. > > For me the key points are: > - SS3 requires admin privileges to flush the entire cache (expected) > - SS3 does not require admin privileges to flush the current page cache > (unexpected) > - as Chris has outlined, a DoS attack using the ?flush=1 string results in > a dramatically increased server load and response time when compared to a > standard cached request > - this issue has be known since Feb 2013 > - currently (as in *today*) SS core devs are working on a fix which will > be pushed to master and 3.1 > - there are also some tips on the github issue that suggest .htaccess and > apache config workarounds in the interim ( > https://github.com/silverstripe/silverstripe-framework/issues/1692#issuecomment-21151232 > ) > > Paul > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google Groups > "NZ PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- With best regards, Ivan Kurnosov -- -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
