[wp-hackers] Zombies aimed at WordPress

Jason A. Trommetter jasontromm at gmail.com
Thu Oct 13 14:16:18 GMT 2005


I've been very happy with Referrer Karma from
http://unknowngenius.com/blog/

It catches thousands of referrer spam hits per day and I suppose it's
blocking zombies also? It integrates very easily into WordPress and
cooperates nicely with Spam Karma.


----- Original message -----
From: "Roy Schestowitz" <r at schestowitz.com>
To: wp-hackers at lists.automattic.com
Date: Thu, 13 Oct 2005 10:47:32 +0100
Subject: [wp-hackers] Zombies aimed at WordPress

I apologise for having started a new thread, but there are many new
dimensions to this problem, which increases/spreads exponentially as it
seems. All occurrences of zombie attacks of this kind (see previous
thread for context) target WordPress... at least the ones I am aware of,
having researched the Web. The spammers handpick sensitive (read: heavy)
WordPress-generated pages. I have only come across 3 occurrences of such
attacks, best characterised by Tonga domains in the referrer field. All
occur around the same time across the domains.

The zombies in question are all Windows-based and they almost double in
number on a daily basis. I shall soon collaborate with my Web host
(SpamValve and Bad Behaviour spring to mind). Otherwise, considering the
current pace of expansion, my domain would be isolated from cyberspace.
They are eCommerce sites whose income depends on the Web and their shops
are crippled by attacks on my site.

The attacks I know of affect Windows-, Linux-, and Mac-oriented sites,
so there is no O/S zeal as a motive; maybe there is CMS zeal, if at all.

More evidence of the problems is beginning to resurface. Some of you in
this list might be affected, but have not noticed it yet. This began
(for me) at the start of this month. There were only dozens of attacks
at the start so they were hard to notice among the logs. Use Technorati
to find information on the attacks as it's all fairly recent so
unindexed. One source claims that there are many sites affected, but
they choose to remain silent or wait for a diminishing rather than an
expansion of this disease. Even the mainstream media exposed similar
issues a day ago. Some of you may have heard of the Dutch gang that had
100,000 zombies and planned an attack. They have just been arrested. A
friend of mine said it is a small scale considering what else is out
there already.

I am posting this to wp-hackers because it appears to have developed
into a possible yet-to-be-seen plague that is most detrimental to
WordPress. Judging by the pattern of the attacks, I can make a few
speculations. The spammers hijack or simply inject a rogue process with
hard-coded URLs that vary (both referrer and target URL vary, thereby
making it hard to filter).

I don't want to get political (admittedly I have the tendency), but who
is liable? It is sure not the host, or Apache, or WordPress (I won't
pull Matt's finger - pun intended). Who is it that used code spaghetti
that left a gap to be exploited in the O/S? Or lazy ISPs that harbour
rotten traffic? Countries of shame in this case are China with thrice as
many attacks as Russia at second. Something must be done. This keeps
doubling and affecting more blogs.

Roy

-- 
Roy S. Schestowitz      | Roughly 2% of your keyboard is O/S-specific
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
 10:30am  up 48 days 22:44,  3 users,  load average: 0.30, 0.32, 0.24
      http://iuron.com - next generation of search paradigms
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
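
Added example, not part of the original thread or of any plugin named in
it: a log triage sketch for the pattern described above, where the
referrer and target URL both vary per request but the referrer host stays
under the Tonga (.to) TLD. It assumes Apache "combined" format access
logs; the sample lines, hosts and function names are constructed for
illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referrer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, made-up hosts), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Oct/2005:09:01:02 +0100] "GET /index.php?m=200509 HTTP/1.1" 200 48211 "http://constructed-a.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.23 - - [13/Oct/2005:09:01:03 +0100] "GET /index.php?cat=4 HTTP/1.1" 200 51830 "http://constructed-b.to/offers.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.41 - - [13/Oct/2005:09:01:03 +0100] "GET /index.php?m=200509 HTTP/1.1" 200 48211 "http://www.constructed-c.TO/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
192.0.2.99 - - [13/Oct/2005:09:02:10 +0100] "GET /index.php?p=12 HTTP/1.1" 200 9120 "http://www.example.com/how-to" "Mozilla/5.0 (X11; U; Linux i686)"
198.51.100.5 - - [13/Oct/2005:09:02:44 +0100] "GET /feed/ HTTP/1.1" 200 3310 "-" "ExampleReader/1.0"
"""

def referrer_tld(referrer):
    """Return the lower-cased last label of the referrer host, or '' if there is none."""
    try:
        host = urlsplit(referrer).hostname or ""
    except ValueError:  # malformed referrer, e.g. an unbalanced IPv6 bracket
        return ""
    return host.rstrip(".").rsplit(".", 1)[-1].lower() if host else ""

def summarise(log_text, tld="to"):
    """Count hits whose referrer host is under `tld`, and how much the other fields vary."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Compare the parsed host's TLD, not a substring, so "/how-to" in a URL is ignored.
        if m and referrer_tld(m["referrer"]) == tld:
            hits.append(m)
    return {
        "hits": len(hits),
        "clients": len({m["ip"] for m in hits}),          # distinct source addresses
        "referrers": len({m["referrer"] for m in hits}),  # distinct referrer strings
        "paths": Counter(m["path"] for m in hits),        # which pages are being requested
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Distinct client and referrer counts close to the hit count mean an
exact-match blocklist will not keep up, while the per-path counter shows
which heavy pages are being singled out.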


