[wp-hackers] Zombies aimed at WordPress

Jason A. Trommetter jasontromm at gmail.com
Thu Oct 13 14:16:18 GMT 2005

I've been very happy with Referrer Karma from

It catches thousands of referrer spam hits per day and I suppose it's
blocking zombies also? It integrates very easily into WordPress and
cooperates nicely with Spam Karma.

----- Original message -----
From: "Roy Schestowitz" <r at schestowitz.com>
To: wp-hackers at lists.automattic.com
Date: Thu, 13 Oct 2005 10:47:32 +0100
Subject: [wp-hackers] Zombies aimed at WordPress

I apologise to have started a new thread, but there are many new dimensions to
this problem, which increases/spreads exponentially as it seems. All
occurrences of zombie attacks of this kind (see previous thread for
target WordPress... at least the ones I am aware of, having researched
the Web.
The spammers handpick sensitive (read: heavy) WordPress-generated pages. I have
only come across 3 occurrences of such attacks, best characterised by
domains in the referrer field. All occur around the same time across the

The zombies in question are all Windows-based and they almost double in
on a daily basis. I shall soon collaborate with my Web host (SpamValve and Bad
Behaviour spring to mind). otherwise, considering the current pace of
expansion, my domain would be isolated from cyberspace.  They are
sites whose income depends on the Web and their shops are crippled by
on my site.

The attacks I know of affect Windows-, Linux-, and Mac-oriented sites, so there
is no O/S zeal as a motive; maybe there is CMS zeal, if at all.

More evidence of the problems is beginning to resurface. Some of you in
list might be affected, but have not noticed it yet. This began (for me) at the
start of this month. There were only dozens of attacks at the start so they were
hard to notice among the logs. Use Technorati to find information on the
as it's all fairly recent so unindexed. One source claims that there are
sites affected, but they choose to remain silent or wait for a diminish
than expansion of this disease. Even the mainstream media exposed
issues a day ago. Some of you may have heard of the Dutch gang that had
zombies and planned an attack. They have just been arrested. A friend of
said it is a small scale considering what else is out there already.

I am posting this to wp-hackers because it appears to have developed into a
possible yet-to-be-seen plague that is most detrimental to WordPress.
by the pattern of the attacks, I can make a few speculations. The
hijacks or simply inject a rogue process with hard-coded URL's that vary
referrer and target URL vary, thereby making it hard to filter).

I don't want to get political (admittedly I have the tendency), but who
liable? It is sure not the host, or Apache, or WordPress (I won't pull
finger - pun intended). Who is it that used code spaghetti that left a gap to
be exploited in the O/S? Or lazy ISP's that harbour rotten traffic?
of shame in this case are China with thrice as many attacks as Russia
second. Something must be done. This keeps doubling and affecting more


Roy S. Schestowitz      | Roughly 2% of your keyboard is O/S-specific
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
 10:30am  up 48 days 22:44,  3 users,  load average: 0.30, 0.32, 0.24
      http://iuron.com - next generation of search paradigms