Security vulnerabilities in Banhammer (1)
-
DOS through IP spoofing – (Banhammer <= 2.9)
An attacker can use IP spoofing to ban legitimate users, search-engine crawlers, or a site’s reverse proxy. This becomes possible as soon as a site owner changes the default IP source of the plugin by using the “banhammer_ip_keys” filter.