{"id":1171,"date":"2015-10-19T13:06:23","date_gmt":"2015-10-19T17:06:23","guid":{"rendered":"http:\/\/www.blogseye.com\/?p=1171"},"modified":"2015-10-19T13:06:23","modified_gmt":"2015-10-19T17:06:23","slug":"system-multicall-testing-works-download-now","status":"publish","type":"post","link":"http:\/\/blogseye\/2015\/10\/system-multicall-testing-works-download-now.html","title":{"rendered":"System.multicall Testing Works. Download Now!"},"content":{"rendered":"<p>There is a new and powerful exploit in the wild. I wrote a fix for it and it is working.<\/p>\n<p>I am getting a bunch of system multicall hits on a test site. Each is about 160 name\/password pairs. I captured the requests and tested them against some test sites and they actually do 160 login attempts at a time. When I set one of them to a real id\/password it reports back that that combo was successful.<\/p>\n<p>I am thinking of writing a simple blocker for these attempts for people who do not have the beta test of my plugin.<\/p>\n<p>The alternative to this is to commit the current beta to WordPress, but I don&#8217;t really want to do that. I do not have time right now to deal with the flood of support messages that will come when people figure out that I have changed something and the plugin behaves differently.<\/p>\n<p>For anyone reading this &#8211; If you have not downloaded a beta version in a while, now is the time to do it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a new and powerful exploit in the wild. I wrote a fix for it and it is working. I am getting a bunch of system multicall hits on a test site. Each is about 160 name\/password pairs. I captured the requests and tested them against some test sites and they actually do 160 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1171"}],"collection":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/comments?post=1171"}],"version-history":[{"count":1,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1171\/revisions"}],"predecessor-version":[{"id":1172,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1171\/revisions\/1172"}],"wp:attachment":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/media?parent=1171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/categories?post=1171"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/tags?post=1171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}