[wp-hackers] Zombies aimed at WordPress

Roy Schestowitz r at schestowitz.com
Thu Oct 13 14:56:34 GMT 2005

_____/ On Thu 13 Oct 2005 14:24:18 BST, [Jason Bainbridge] wrote : \_____

> On 10/13/05, Roy Schestowitz <r at schestowitz.com> wrote:
>> ...
>> * Bad Behaviour - needs access to server (pointed out here)
> Uhm no it doesn't and hence why several times you've been recommended
> to install it:
> http://www.ioerror.us/software/bad-behavior/in...
> Well unless you call FTP'ng the plugin files "Access to the server"
> but if you don't have FTP well no comment...

Oh, sorry...! My misinterpretation. The only glaring pitfall is that it covers
WordPress only, which probably occupies around 10% of my site's content. There
is indeed an advantage to using a single, uniform CMS across the entire site
as opposed to a diversity. It decreases the amount of work associated with
critical updates and it saves some learning curve, complements integration and
so forth. Then again, what would you do when features "in the wild" do not
overlap sufficiently? For example, image galleries using WordPress, Wiki
integration with/encapsulation in WordPress, Forums and blog software...

_____/ On Thu 13 Oct 2005 15:19:30 BST, [John Ha [c]] wrote : \_____

> 3rd time lucky? haha...bad-behaviour does not need server access. it's a
> plugin. drop in and activate, then forget. so if u have access to your admin
> pages you can use bad-behaviour. (i view logs using phpadmin - although
> bb-stats can be used to see stats generated from this plugin)
> john ha

This might serve as a temporary solution. If the attacker moves to other pages,
I will be exposed again. A solution at Apache (or equiv.) level seems better in
the long run.

_____/ On Thu 13 Oct 2005 15:16:18 BST, [Jason A. Trommetter] wrote : \_____

> I've been very happy with Referrer Karma from
> http://unknowngenius.com/blog/
> It catches thousands of referrer spam hits per day and I suppose it's
> blocking zombies also? It integrates very easily into WordPress and
> cooperates nicely with Spam Karma.

Will it not be hard to tell what it does 'behind the scenes'? I mean, apart from
reviewing the code, there need to be some good summaries. Spaminator, for
example, was terrible as it killed some genuine comments and it only logged
using individual E-mails. Looking at each E-mail in turn was impractical,
laborious and error-prone. When you compose your own rules and keep them
simple, it is easier to know what is going on. Thus, you are bound to feel more
relieved with the plug-in/s enabled. There were other such plug-ins which were
problematic. CAPTCHA plug-ins, for instance, caused me (Well... commenters
rather) a lot of trouble.

The little I have done seems to have led to some cessation in the number of
attacks. It's based on a very short time period though, so I can't get my hopes
up, yet.

The following was published 3 hours ago:


Roy S. Schestowitz      | "Black holes are where God is divided by zero"
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  3:30pm  up 49 days  3:44,  4 users,  load average: 0.66, 0.64, 0.55
      http://iuron.com - next generation of search paradigms
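The thread contrasts per-plugin filtering with blocking "at Apache level" driven by simple, self-written rules, and complains that reading one e-mail per spam hit does not scale. The script below is an added example, not code from this post, from Bad Behavior, or from Referrer Karma. It parses Apache combined-format access log lines, flags referer hosts that arrive from several distinct client addresses inside a short window (the "zombie" pattern the subject line describes: one spam referer pushed from many machines), and emits Apache 2.2-style mod_setenvif/mod_authz_host rules for the flagged hosts. The log lines, the thresholds (three addresses in ten minutes) and the choice of schestowitz.com as the site's own host are constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Apache "combined" LogFormat:
#   host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log lines (RFC 5737 documentation addresses, invented referers).
SAMPLE_LOG = """\
203.0.113.10 - - [13/Oct/2005:14:01:02 +0100] "GET /wordpress/ HTTP/1.1" 200 5120 "http://casino-pills.example/" "Mozilla/4.0"
203.0.113.11 - - [13/Oct/2005:14:01:09 +0100] "GET /wordpress/ HTTP/1.1" 200 5120 "http://casino-pills.example/" "Mozilla/4.0"
198.51.100.7 - - [13/Oct/2005:14:02:40 +0100] "GET /gallery/ HTTP/1.1" 200 2048 "http://casino-pills.example/?ref=1" "Mozilla/4.0"
192.0.2.44 - - [13/Oct/2005:14:03:15 +0100] "GET /wiki/Main_Page HTTP/1.1" 200 4096 "http://schestowitz.com/wordpress/" "Mozilla/5.0"
192.0.2.45 - - [13/Oct/2005:14:05:15 +0100] "GET /wordpress/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=wordpress" "Mozilla/5.0"
192.0.2.46 - - [13/Oct/2005:14:05:22 +0100] "GET /wordpress/?p=12 HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Assumed: the site's own hostnames, whose referers are legitimate internal navigation.
OWN_HOSTS = {"schestowitz.com", "www.schestowitz.com"}


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


def referer_host(referer):
    """Hostname of a Referer URL, lower-cased; None for '-' or unparsable values."""
    if not referer or referer == "-":
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None


def suspicious_referers(lines, own_hosts=OWN_HOSTS, min_ips=3, window_seconds=600):
    """Return {referer_host: sorted client IPs} for external referer hosts that were
    presented by at least `min_ips` distinct addresses within any `window_seconds`
    span. One reader following a real link never looks like that; a botnet
    replaying the same spam referer from many machines does."""
    hits = defaultdict(list)  # referer host -> [(time, ip), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = referer_host(rec["referer"])
        if host is None or host in own_hosts:
            continue
        hits[host].append((rec["time"], rec["ip"]))

    flagged = {}
    for host, events in hits.items():
        events.sort()
        best = set()
        start = 0
        for end in range(len(events)):  # sliding window over time-ordered events
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) > len(best):
                best = ips
        if len(best) >= min_ips:
            flagged[host] = sorted(best)
    return flagged


def apache_rules(flagged):
    """Render Apache 2.2-style directives that deny requests carrying a flagged
    referer (mod_setenvif + mod_authz_host). Hostnames are regex-escaped."""
    lines = [f'SetEnvIfNoCase Referer "{re.escape(host)}" spam_ref'
             for host in sorted(flagged)]
    if lines:
        lines += ["Order Allow,Deny", "Allow from all", "Deny from env=spam_ref"]
    return lines


if __name__ == "__main__":
    found = suspicious_referers(SAMPLE_LOG.splitlines())
    for host, ips in found.items():
        print(f"{host}: {len(ips)} distinct clients -> {', '.join(ips)}")
    print("\n".join(apache_rules(found)))
```

The point of the summary is the one the post makes about Spaminator: a rule you can read in one line ("this referer, from N hosts, in ten minutes") is easier to trust and to audit than a pile of per-hit notifications. Review the flagged list before turning it into a deny rule, since a genuinely popular link can also arrive from many addresses at once.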
