pfefferle/wordpress-webmention

Add Expiring Token to Endpoint for DDOS Protection

dshanske opened this issue · 3 comments

Add an expiring, random or encrypted token to webmention endpoints, preventing the accumulation of lists of endpoints and forcing attackers to look up the webmention endpoint of each of the sites they want to use to DDOS a victim.

http://indiewebcamp.com/DDOS#Expiring_token_in_endpoint
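
The scheme proposed above, as an added example that is not part of the original thread or the plugin's code: a stateless HMAC token with an embedded expiry, appended to the advertised endpoint URL so that a harvested endpoint stops working after its lifetime. The function names, the secret, the one-hour lifetime and the example.org URL are assumptions.

```php
<?php
// Added illustration, not the plugin's code. All names and values are hypothetical.

const TOKEN_TTL = 3600; // seconds an advertised endpoint stays valid (assumed)

// Build "<expiry>.<mac>". The MAC binds the expiry to a site secret,
// so the server needs no per-token storage.
function endpoint_token_create(string $secret, int $now, int $ttl = TOKEN_TTL): string
{
    $expires = $now + $ttl;
    $mac = hash_hmac('sha256', 'webmention-endpoint|' . $expires, $secret);
    return $expires . '.' . $mac;
}

// Accept a token only if it is well formed, authentic and not yet expired.
function endpoint_token_verify(string $token, string $secret, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || strlen($parts[0]) > 12) {
        return false; // malformed or absurdly large expiry
    }
    [$expires, $mac] = $parts;
    $expected = hash_hmac('sha256', 'webmention-endpoint|' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {
        return false; // forged or edited token (constant-time comparison)
    }
    return (int) $expires >= $now;
}

// Constructed sample values.
$secret = 'constructed-demo-secret'; // a real site would use a stored random key
$now    = 1700000000;                // constructed timestamp

$token = endpoint_token_create($secret, $now);
echo 'advertised endpoint: https://example.org/webmention?token=',
    rawurlencode($token), "\n";

// A sender that discovers the endpoint and posts within the lifetime.
$fresh = endpoint_token_verify($token, $secret, $now + 60);
// A harvested endpoint replayed after the lifetime has passed.
$stale = endpoint_token_verify($token, $secret, $now + TOKEN_TTL + 1);
// The same token with the expiry edited but the old MAC kept.
$edited = ($now + 10 * TOKEN_TTL) . substr($token, strpos($token, '.'));
$forged = endpoint_token_verify($edited, $secret, $now + TOKEN_TTL + 1);

foreach (['fresh' => $fresh, 'stale' => $stale, 'forged' => $forged] as $case => $ok) {
    printf("%-6s token %s\n", $case, $ok ? 'accepted' : 'rejected');
}
```

Because the token is checked without stored state, its lifetime has to exceed the lifetime of any page cache that serves the advertised endpoint, or legitimate senders will discover tokens that have already expired.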

FWIW, WordPress has built-in nonce functionality.

I'm not ready for a pull request but I've started working on this in /peterwilsoncc/wordpress-webmention/tree/issue39

I'm dogfooding it on my own site and will see how it goes.

see: #41