404 pages preloaded

  • Resolved Amarria

    (@amarria)


    5 years, 8 months ago

    This actually affects many page caching plugins but wanted to highlight it as it is a big issue.

    When a visitor comes to my site and the page is a 404 eg: example.com/dfdhkdh

    This will then get preloaded in the cache/wpo-cache directory.

    I run an enterprise level site and when the hackers found this vulnerability they managed to ddos my site for an hour by generating directories within the cache.

    I ended up with tens of thousands of directories within the wpo-cache directory.

    To resolve this I set all 404s to redirect home which isnt ideal but works.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Harshad

    (@bornforphp)

    5 years, 8 months ago

    @amarria Thanks for reporting the issue, I’ll share the same with our developers for further testing.

    Marc Lacroix

    (@marcusig)

    5 years, 8 months ago

    @amarria 404 pages should not be cached by WP-Optimize (for the very reason that you mention: thousands of directories being created), unless if the wordpress function is_404() doesn’t work as expected.
    So directories should NOT be created by WP-Optimize’s page cacheing. Do you have anything that might affect the WordPress query, resulting in is_404() not working properly?

    Best wishes,
    Marc.

    Thread Starter Amarria

    (@amarria)

    5 years, 8 months ago

    Thanks for your reply. I will check for plugin conflicts or code snippets that may have caused this.

    Marc Lacroix

    (@marcusig)

    5 years, 7 months ago

    Note that caching in itself will result in filling up disk space, but not necessarily take the site down. A ddos is possible no matter if caching is enabled or not. Calling 404 pages or simply adding a get parameter will bypass the page caching, and hit WordPress directly. So only firewalls and other DDOS protection services can help in that case (e.g Cloudflare).

    Marc.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘404 pages preloaded’ is closed to new replies.