junkgrave

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Forum: Plugins
    In reply to: [WP fail2ban - Advanced Security] Major security flaw.
    Thread Starter junkgrave

    (@junkgrave)

    9 years, 9 months ago

    Your points are all totally valid, and upon re-reading my original post, your response was warranted.

    I want to apologize for my immature tone and phrasing. I really appreciate you sharing and maintaining this excellent piece of free software. It’s a concise and elegant solution to a frustrating problem.

    I may have been channeling/misplacing annoyance from recent hacking attempts on my WP installs into my bug report, which I regret as your plugin has been of great help in this regard.

    Thank you again for it, and sorry for being an ass. If I could delete this thread, I would do so – if you have that power, please feel free. I’ve read the article you linked to and will be sure to create all future bug reports with more professionalism.

    Forum: Plugins
    In reply to: [WP fail2ban - Advanced Security] Major security flaw.
    Thread Starter junkgrave

    (@junkgrave)

    9 years, 9 months ago

    Thanks for the quick fix.

    I don’t understand – how is me explicitly giving you the regexp and telling you that it’s missing from both the hard and soft filters “sarcasm” that you have to “cut through”? And how is this not a major security flaw when it lets people brute force username attempts until they find valid usernames, which is a huge advantage?

    You even closed this issue that someone opened over a week ago that shows the bug in action as well:
    https://ww.wp.xz.cn/support/topic/working-with-232-and-not-vith-351

    …without actually addressing the bug. The bug reporter even posted the existing jail’s regexps, and highlighted the fact that they get 0 matches on the failed attempts that they showed in their auth logs.

    If you’re referring to my little jib at the end about the soft spot in your heart, that was obviously a joke, hence the playful tone and the smiley face. But your veiled threats of ramifications for irresponsible disclosure are not jokes.

    Misunderstandings aside, the plugin is great and much needed in today’s world, and I really appreciate it.

    Forum: Plugins
    In reply to: [WP fail2ban - Advanced Security] Working with 2.3.1 and not vith 3.5.1
    junkgrave

    (@junkgrave)

    9 years, 9 months ago

    Hey @bubaweb, see my relevant thread here:
    https://ww.wp.xz.cn/support/topic/major-security-flaw-1

Viewing 3 replies - 1 through 3 (of 3 total)