[wp-hackers] Zombies aimed at WordPress [s]
Frederic de Villamil
fdevillamil at gmail.com
Thu Oct 13 14:36:20 GMT 2005
Whichever plugin you use, remember this: as long as it either use php and the
sql database or htaccess or any other resource like this, in case of serious
attack (hundreds or thousands simultaneously), your server will certainly run
out of memory, crash, or even reboot if it was not perfectly to handle such a
traffic.
On Fri, 14 Oct 2005 00:30:12 +1000, John Ha [c] wrote
> i used to use referrer-bouncer plugin, but then i needed separate plugins
> for comment spam. now bad-behaviour catches all these before a page
> is requested.
>
> if it seems i'm pushing bad-behaviour so much, it's because i'm sick
> of spammers.
>
> if more people used this or a similar technique that blocks page
> access from spambots, it'd make a big difference (for legit users
> and spammers - depending on perspective) imho.
>
> john ha
>
> ----- Original Message -----
> From: "Jason A. Trommetter" <jasontromm at gmail.com>
> To: <wp-hackers at lists.automattic.com>
> Sent: Friday, October 14, 2005 12:16 AM
> Subject: Re: [wp-hackers] Zombies aimed at WordPress
>
> > I've been very happy with Referrer Karma from
> > http://unknowngenius.com/blog/
> >
> > It catches thousands of referrer spam hits per day and I suppose it's
> > blocking zombies also? It integrates very easily into WordPress and
> > cooperates nicely with Spam Karma.
> >
> >
> > ----- Original message -----
> > From: "Roy Schestowitz" <r at schestowitz.com>
> > To: wp-hackers at lists.automattic.com
> > Date: Thu, 13 Oct 2005 10:47:32 +0100
> > Subject: [wp-hackers] Zombies aimed at WordPress
> >
> > I apologise to have started a new thread, but there are many new
> > dimensions to
> > this problem, which increases/spreads exponentially as it seems. All
> > occurrences of zombie attacks of this kind (see previous thread for
> > context)
> > target WordPress... at least the ones I am aware of, having researched
> > the Web.
> > The spammers handpick sensitive (read: heavy) WordPress-generated
> > pages. I have
> > only comes across 3 occurrences of such attacks, best characterised by
> > Tonga
> > domains in the referrer field. All occur around the same time across the
> > domains.
> >
> > The zombies in question are all Windows-based and they almost double in
> > number
> > on a daily basis. I shall soon collaborate with my Web host (SpamValve
> > and Bad
> > Behaviour spring to mind). otherwise, considering the current pace of
> > expansion, my domain would be isolated from cyberspace. They are
> > eCommerce
> > sites whose income depends on the Web and their shops are crippled by
> > attacks
> > on my site.
> >
> > The attacks I know of affect Windows-, Linux-, and Mac-oriented sites,
> > so there
> > is no O/S zeal as a motive; maybe there is CMS zeal, if at all.
> >
> > More evidence of the problems are beginning to resurface. Some of you in
> > this
> > list might be affected, but have not noticed it yet. This began (for me)
> > at the
> > start of this month. There were only dozens of attacks at the start so
> > they were
> > hard to notice among the logs. Use Technorati to find information on the
> > attacks
> > as it's all fairly recent so unindexed. One source claims that there are
> > many
> > sites affected, but they choose to remain silent or wait for a diminish
> > rather
> > than expansion of this disease. Even the mainstream media exposed
> > similar
> > issues a day ago. Some of you may have heard of the Dutch gang that had
> > 100,000
> > zombies and planned an attack. They have just been arrested. A friend of
> > mine
> > said it is a small scale considering what else if out there already.
> >
> > I posting this to wp-hackers because it appears to have developed into a
> > possible yet-to-be-seen plague that is most detrimental to WordPress.
> > Judging
> > by the pattern of the attacks, I can make a few speculations. The
> > spammers
> > hijacks or simply inject a rogue process with hard-coded URL's that vary
> > (both
> > referrer and target URL vary, thereby making it hard to filter).
> >
> > I don't want to get political (admittedly I have the tendency), but who
> > is
> > liable? It is sure not the host, or Apache, or WordPress (I won't pull
> > Matt's
> > finger - pun intended). Who is it that used code spaghetti that left a
> > gap to
> > be exploited in the O/S? Or lazy ISP's that harbour rotten traffic?
> > Countries
> > of shame in this case are China with thrice as many attacks than Russia
> > at
> > second. Something must be done. This keeps doubling and affecting more
> > blogs.
> >
> > Roy
> >
> > --
> > Roy S. Schestowitz | Roughly 2% of your keyboard is O/S-specific
> > http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
> > 10:30am up 48 days 22:44, 3 users, load average: 0.30, 0.32, 0.24
> > http://iuron.com - next generation of search paradigms
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
> --
> ------------------------ [ SECURITY NOTICE ]
> ------------------------
> To: wp-hackers at lists.automattic.com.
> For your security, mailing-lists at netspace.net.au
> digitally signed this message on 13 October 2005 at 14:31:23 UTC.
> Verify this digital signature at http://www.ciphire.com/verify.
> ------------------- [ CIPHIRE DIGITAL SIGNATURE ]
> -------------------
> Q2lwaGlyZSBTaWcuAjh3cC1oYWNrZXJzQGxpc3RzLmF1dG9tYXR0aWMuY29tAG1haWxpb
> mctbGlzdHNAbmV0c3BhY2UubmV0LmF1AGVtYWlsIGJvZHkAtw4AAHwAfAAAAAEAAAC7b0
> 5Dtw4AAP0CAAIAAgACACAe5TcBbmIU6owNe1xZd/iId1LWxoic0s8JYnXeBrMqZgEAoH7
> uzw9IZPyJ563ZYHUtH1HUo9KSbjEaKJV3swG1UnqDDYiRg2mqu8lzfq7KteUpQnmO9A7L
> HZGuiscTb+02xBlDq8g+U2lnRW5k
> --------------------- [ END DIGITAL SIGNATURE ]
> ---------------------
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
--
Hey mr Money, I can be your honey,
It's just us three, champaign, you and me!
http://www.eretzvaju.org
More information about the wp-hackers
mailing list