[wp-hackers] Zombies aimed at WordPress [s]
John Ha [c]
mailing-lists at netspace.net.au
Thu Oct 13 15:02:06 GMT 2005
yes, a solution at the server level would be better, but more tedious to
maintain. in the end it's what's best for your situation i suppose.
----- Original Message -----
From: "Roy Schestowitz" <r at schestowitz.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, October 14, 2005 12:56 AM
Subject: Re: [wp-hackers] Zombies aimed at WordPress
> _____/ On Thu 13 Oct 2005 14:24:18 BST, [Jason Bainbridge] wrote : \_____
> > On 10/13/05, Roy Schestowitz <r at schestowitz.com> wrote:
> >> ...
> >> * Bad Behaviour - needs access to server (pointed out here)
> > Uhm no it doesn't and hence why several times you've been recommended
> > to install it:
> > http://www.ioerror.us/software/bad-behavior/in...
> > Well unless you call FTP'ng the plugin files "Access to the server"
> > but if you don't have FTP well no comment...
> Oh, sorry...! My misinterpretation. The only glaring pitfall is that it
> WordPress only, which probably occupies around 10% of my site's content.
> is indeed an advantage to using a single, uniformal CMS across the entire
> as opposed to a diversity. It decreases the amount of work associated with
> critical updates and it saves some learning curve, complements integration
> so forth. Then again, what would you do when features "in the wild" do not
> overlap sufficiently? For example, image galleries using WordPress, Wiki
> intergation with/encapsulation in WordPress, Forums and blog software...
> _____/ On Thu 13 Oct 2005 15:19:30 BST, [John Ha [c]] wrote : \_____
> > 3rd time lucky? haha...bad-behaviour does not need server access. it's a
> > plugin. drop in and activate, then forget. so if u have access to your
> > pages you can use bad-behaviour. (i view logs using phpadmin - althought
> > bb-stats can be used to see stats generated from this plugin)
> > john ha
> This might serve as a temporary solution. If the attacker moves to
> other pages,
> I will be exposed again. A solution at Apache (or equiv.) level seems
> better in
> the long run.
> _____/ On Thu 13 Oct 2005 15:16:18 BST, [Jason A. Trommetter] wrote :
> > I've been very happy with Referrer Karma from
> > http://unknowngenius.com/blog/
> > It catches thousands of referrer spam hits per day and I suppose it's
> > blocking zombies also? It integrates very easily into WordPress and
> > cooperates nicely with Spam Karma.
> Will it not be hard to tell what it does 'behind the scenes'? I mean,
> apart from
> reviewing the code, there need to be some good summaries. Spaminator, for
> example, was terrible as it killed some genuine comments and it only
> using individual E-mails. Looking at each E-mail in turn was impractical,
> laborious and error-prone. When you compose your own rules and keep them
> simple, it is easier to know what is going on. Thus, you are bound to
> feel more
> relieved with the plug-in/s enabled. There were other such plug-ins which
> problematic. CAPTCHA plug-ins, for instance, caused me (Well... commenters
> rather) a lot of trouble.
> The little I have done seems to have led to same cessation in the number
> attacks. It's based on a very short time period though, so I can't get
> my hopes
> up, yet.
> The following was published 3 hours ago:
> Roy S. Schestowitz | "Black holes are where God is divided by zero"
> http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
> 3:30pm up 49 days 3:44, 4 users, load average: 0.66, 0.64, 0.55
> http://iuron.com - next generation of search paradigms
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
------------------------ [ SECURITY NOTICE ]
To: wp-hackers at lists.automattic.com.
For your security, mailing-lists at netspace.net.au
digitally signed this message on 13 October 2005 at 15:03:16 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
------------------- [ CIPHIRE DIGITAL SIGNATURE ]
--------------------- [ END DIGITAL SIGNATURE ]
More information about the wp-hackers