[wp-hackers] Zombies aimed at WordPress

Jason Bainbridge jbainbridge at gmail.com
Thu Oct 13 15:30:02 GMT 2005

On 10/13/05, Roy Schestowitz <r at schestowitz.com> wrote:
> _____/ On Thu 13 Oct 2005 15:57:17 BST, [ifelse] wrote : \_____
> >> Oh, sorry...! My misinterpretation. The only glaring pitfall is that
> >> it covers WordPress only
> >
> > Actually, Bad behaviour provides cover to any PHP powered site.
> > There's a convenient plugin for WP but you can plug it into a non-WP
> > site easily.
> <snip from site>
> ...
> By default Bad Behavior can provide protection to any PHP script out of the box,
> but it cannot provide logging. If you are willing to live without Bad Behavior's
> detailed logs, simply install the Bad Behavior folder somewhere on your server,
> and then call require_once("/path/to/bad-behavior/bad-behavior-generic.php");
> from your PHP script. I recommend placing this function call in a common piece
> of PHP code which is loaded from all parts of your PHP-based software, so that
> it can provide protection to all parts of your software.
> ...
> </snip>
> Bad Behaviour relies on the fact that requests bubble through
> bad-behavior-generic.php if I understand this correctly (having not looked at
> it in too much depth). What about static pages (the vast majority of my site)?
> Or other methods of dynamic page generation?

You could do something like:


To add the PHP to every request for .htm(l) files.

> Bad Behaviour still serves as somewhat of a bubble that needs to be called every
> single time a destined PHP script is run (with possible optimisations like "use
> once for each UIP, skip thereafter"). Whereas Apache rules can give a long-term
> solution, Bad Behaviour will beg for mending every time an upgrade is put in
> place. There are a few more issues I can think of...

Okay, so we are trying to help you stop an attack that is currently
occurring, and instead of implementing measures that we recommend, you
waffle on about how better solutions are needed in the long term and
how the solutions don't address all potential problems.

How about instead you implement some or all of the proposed solutions
and limit the effectiveness of the current attack against your site
and then look at longer term solutions that cover all your bases?

Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com
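
An added example, not from the original message (whose own snippet does not appear on this page): one way to route .htm(l) requests through PHP so that Bad Behavior runs on them. It assumes Apache with mod_php and an AllowOverride setting that permits FileInfo and Options in .htaccess; the path is the placeholder from the quoted instructions.

```apache
# Added example; assumes Apache with mod_php and .htaccess overrides
# (AllowOverride FileInfo Options). Not the configuration from the message.

# Hand .htm and .html files to the PHP handler so PHP runs for them.
<FilesMatch "\.html?$">
    SetHandler application/x-httpd-php
</FilesMatch>

# Load Bad Behavior's generic entry point before every PHP-handled request,
# which now includes the static pages matched above.
php_value auto_prepend_file "/path/to/bad-behavior/bad-behavior-generic.php"
```

Once .html files are parsed by PHP, any PHP tags inside them execute, so keep this out of directories where untrusted users can upload or edit HTML. Every static page also now pays the cost of a PHP invocation.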
