[wp-hackers] Zombies aimed at WordPress [s]

John Ha [c] mailing-lists at netspace.net.au
Thu Oct 13 15:33:45 GMT 2005

hear hear
----- Original Message ----- 
From: "Jason Bainbridge" <jbainbridge at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, October 14, 2005 1:30 AM
Subject: Re: [wp-hackers] Zombies aimed at WordPress

On 10/13/05, Roy Schestowitz <r at schestowitz.com> wrote:
> _____/ On Thu 13 Oct 2005 15:57:17 BST, [ifelse] wrote : \_____
> >> Oh, sorry...! My misinterpretation. The only glaring pitfall is that
> >> it covers WordPress only
> >
> > Actually, Bad behaviour provides cover to any PHP powered site.
> > There's a convenient plugin for WP but you can plug it into a non-WP
> > site easily.
> <snip from site>
> ...
> By default Bad Behavior can provide protection to any PHP script out of
> the box,
> but it cannot provide logging. If you are willing to live without Bad
> Behavior's
> detailed logs, simply install the Bad Behavior folder somewhere on your
> server,
> and then call
> from your PHP script. I recommend placing this function call in a common
> of PHP code which is loaded from all parts of your PHP-based software, so
> it can provide protection to all parts of your software.
> ...
> </snip>
> Bad Behaviour relies on the fact that requests bubble through
> bad-behavior-generic.php if I understand this correctly (having not looked
> it in too much depth). What about static pages (the vast majority of my
> Or other methods of dynamic page generation?

You could do something like:


To add the PHP to every request for .htm(l) files.

> Bad Behaviour still serves as somewhat of a bubble that needs to be
> called every
> single time a destined PHP script is run (with possible optimisations
> like "use
> once for each UIP, skip thereafter"). Whereas Apache rules can give a
> long-term
> solution, Bad Behaviour will beg for mending every time as upgrade is put
> place. There are a few more issues I can think of...

Okay so we are trying to help you stop an attack that is currently
ocurring and instead of implementing measures that we recommend you
waffle on about how better solutions are needed in the long term and
how the solutions don't address all potential problems.

How about instead you implement some or all of the proposed solutions
and limit the effectiveness of the current attack against your site
and then look at longer term solutions that cover all your bases?

Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com
wp-hackers mailing list
wp-hackers at lists.automattic.com

------------------------ [ SECURITY NOTICE ]
To: wp-hackers at lists.automattic.com.
For your security, mailing-lists at netspace.net.au
digitally signed this message on 13 October 2005 at 15:35:01 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
------------------- [ CIPHIRE DIGITAL SIGNATURE ]
--------------------- [ END DIGITAL SIGNATURE ]

More information about the wp-hackers mailing list