The way this denial of service attack works is that a random search string is sent to the search form of a WordPress based website. Caching plugins do not work against this because the search string is randomized. It’s quite simple but what I’ve been told is that this is not an issue for WordPress to handle. Instead, this attack should be dealt with by the webhost on a firewall level. At one point, a ticket was created by Scribu but has since been closed as won’t fix.

So at the end of the day, the best defense you have is a competent webhost that will do their part to prevent these attacks from happening. No reason to be alarmed.

According to the bulletin that was published by Chxsecurity.org version 1.4.3 contains the following vulnerabilities:

• SQL Injection: caused by unsanitized variable “p” in the ajax_comments.php file.
• Cross Site Scripting: This affects authenticated and unauthenticated users.
• Cross Site Request Forgery: the form generated through wpcr_do_options_page lacks the WordPress wp_nonce security function.

These vulnerabilities are considered HIGH risks however, the latest version (1.4.4) apparently addresses these issues. If you are using this plugin on your blog, be sure to upgrade it to the latest version.

Just so that everyone is aware, WordPress 2.5 is the latest stable version and this should be the version that everyone should upgrade to. Any older versions leaves you vulnerable. [EDIT] As mentioned on the legacy 2.0 page, WordPress 2.0.11 is the latest stable download with all the latest security fixes for the 2.0 branch. However, WordPress 2.5 is still the latest and the greatest and should be everyones upgrade target.

As for themes, if you feel that the theme you are using might be suspect of something strange, just disable it and get something else. I suggest you download themes from the original author’s website/blog and stay away from any theme that has an encrypted footer (though that would be hard to determine without looking at the code). At weblogtoolscollection.com we try our darnest to link directly to theme authors for the download.

Technorati is just the beginning. If your blog has spammy links, has covert hidden pages or links, is used for nefarious purposes, even without your knowledge, you are being penalized by the search engines. We are going to put together a post on how to figure out if your blog is hacked/exploited, clean up your blog if it is hacked, get your blog back to order, find spammy pages if they do exist and how to get your blog re-indexed. In the meantime, if you know of a good resource, please let us know and we will add it to the post.

Today is a good day to upgrade to WordPress 2.5