[wp-hackers] Zombies aimed at WordPress [s]

John Ha [c] mailing-lists at netspace.net.au
Thu Oct 13 14:48:50 GMT 2005


this is true, but in extreme cases like this, the logging level can be
adjusted or even switched off via plugin settings.

i suppose if you do get a volume as large as you mentioned simultaneously,
then that would be a bit of a problem with or without these measures.
----- Original Message ----- 
From: "Frederic de Villamil" <fdevillamil at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, October 14, 2005 12:36 AM
Subject: Re: [wp-hackers] Zombies aimed at WordPress


> Whichever plugin you use, remember this: as long as it either uses php and the
> sql database or htaccess or any other resource like this, in case of serious
> attack (hundreds or thousands simultaneously), your server will certainly run
> out of memory, crash, or even reboot if it was not perfectly to handle such a
> traffic.
>
> On Fri, 14 Oct 2005 00:30:12 +1000, John Ha [c] wrote
> > i used to use referrer-bouncer plugin, but then i needed separate plugins
> > for comment spam. now bad-behaviour catches all these before a page
> > is requested.
> >
> > if it seems i'm pushing bad-behaviour so much, it's because i'm sick
> > of spammers.
> >
> > if more people used this or a similar technique that blocks page
> > access from spambots, it'd make a big difference (for legit users
> > and spammers - depending on perspective) imho.
> >
> > john ha
> >
> > ----- Original Message ----- 
> > From: "Jason A. Trommetter" <jasontromm at gmail.com>
> > To: <wp-hackers at lists.automattic.com>
> > Sent: Friday, October 14, 2005 12:16 AM
> > Subject: Re: [wp-hackers] Zombies aimed at WordPress
> >
> > > I've been very happy with Referrer Karma from
> > > http://unknowngenius.com/blog/
> > >
> > > It catches thousands of referrer spam hits per day and I suppose it's
> > > blocking zombies also? It integrates very easily into WordPress and
> > > cooperates nicely with Spam Karma.
> > >
> > >
> > > ----- Original message -----
> > > From: "Roy Schestowitz" <r at schestowitz.com>
> > > To: wp-hackers at lists.automattic.com
> > > Date: Thu, 13 Oct 2005 10:47:32 +0100
> > > Subject: [wp-hackers] Zombies aimed at WordPress
> > >
> > > I apologise to have started a new thread, but there are many new dimensions to
> > > this problem, which increases/spreads exponentially as it seems. All
> > > occurrences of zombie attacks of this kind (see previous thread for context)
> > > target WordPress... at least the ones I am aware of, having researched the Web.
> > > The spammers handpick sensitive (read: heavy) WordPress-generated pages. I have
> > > only come across 3 occurrences of such attacks, best characterised by Tonga
> > > domains in the referrer field. All occur around the same time across the
> > > domains.
> > >
> > > The zombies in question are all Windows-based and they almost double in number
> > > on a daily basis. I shall soon collaborate with my Web host (SpamValve and Bad
> > > Behaviour spring to mind). Otherwise, considering the current pace of
> > > expansion, my domain would be isolated from cyberspace. They are eCommerce
> > > sites whose income depends on the Web and their shops are crippled by attacks
> > > on my site.
> > >
> > > The attacks I know of affect Windows-, Linux-, and Mac-oriented sites, so there
> > > is no O/S zeal as a motive; maybe there is CMS zeal, if at all.
> > >
> > > More evidence of the problems is beginning to resurface. Some of you in this
> > > list might be affected, but have not noticed it yet. This began (for me) at the
> > > start of this month. There were only dozens of attacks at the start so they were
> > > hard to notice among the logs. Use Technorati to find information on the attacks
> > > as it's all fairly recent so unindexed. One source claims that there are many
> > > sites affected, but they choose to remain silent or wait for a diminish rather
> > > than expansion of this disease. Even the mainstream media exposed similar
> > > issues a day ago. Some of you may have heard of the Dutch gang that had 100,000
> > > zombies and planned an attack. They have just been arrested. A friend of mine
> > > said it is a small scale considering what else is out there already.
> > >
> > > I am posting this to wp-hackers because it appears to have developed into a
> > > possible yet-to-be-seen plague that is most detrimental to WordPress. Judging
> > > by the pattern of the attacks, I can make a few speculations. The spammers
> > > hijack or simply inject a rogue process with hard-coded URL's that vary (both
> > > referrer and target URL vary, thereby making it hard to filter).
> > >
> > > I don't want to get political (admittedly I have the tendency), but who is
> > > liable? It is sure not the host, or Apache, or WordPress (I won't pull Matt's
> > > finger - pun intended). Who is it that used code spaghetti that left a gap to
> > > be exploited in the O/S? Or lazy ISP's that harbour rotten traffic? Countries
> > > of shame in this case are China with thrice as many attacks as Russia at
> > > second. Something must be done. This keeps doubling and affecting more blogs.
> > >
> > > Roy
> > >
> > > -- 
> > > Roy S. Schestowitz      | Roughly 2% of your keyboard is O/S-specific
> > > http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
> > >  10:30am  up 48 days 22:44,  3 users,  load average: 0.30, 0.32, 0.24
> > >       http://iuron.com - next generation of search paradigms
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
>
>
> --
> Hey mr Money, I can be your honey,
> It's just us three, champaign, you and me!
> http://www.eretzvaju.org
>
>



-- 
------------------------ [ SECURITY NOTICE ] ------------------------
To: wp-hackers at lists.automattic.com.
For your security, mailing-lists at netspace.net.au
digitally signed this message on 13 October 2005 at 14:50:01 UTC.
Verify this digital signature at http://www.ciphire.com/verify.