[wp-hackers] Counting failed logins

Scott Merrill skippy at skippy.net
Mon Dec 5 15:30:51 GMT 2005

Owen Winkler wrote:
> I have written an unreleased plugin for this.  I was planning on adding
> a few other security devices before I put it out there.  I was talking
> to Skippy about adding some Impostercide features, and was thinking
> about incorporating some checks of the user table to watch for
> unauthorized capabilities promotion, among other things.

What would constitute an unauthorized capabilities promotion?  That is
to say, how would your plugin know which promotions were authorized and
which weren't?  Will Armor monitor the entire user's table for
permissions, and "do something" when the state changes from one
comparison to the next?

> Other thoughts?

Should there be a record of security events stored in the database, so
that an admin can review recent activity from inside the blog?  I don't
know that it has much long-term value, but I know I generally despise
getting email from my blog.  A long-running attack on a blog might serve
as a DoS against the admin's email account, too.  Yuck.

skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the wp-hackers mailing list