[wp-hackers] Wordpress Event Viewer Plugin

Computer Guru computerguru at neosmart.net
Tue Apr 3 13:13:44 GMT 2007


I believe it was punBB that had this feature for a *forum* that would email
the admin on failed login. As you can imagine, that's hundreds of logins a
day, and a huge security breach.

It's things like this that give off an aura of "non-professionalism" with
otherwise excellent programs/scripts.

Put it this way: does the admin benefit by knowing the *password* someone
tried to log in with?

Computer Guru
NeoSmart Technologies

> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
> bounces at lists.automattic.com] On Behalf Of Brian Layman
> Sent: Tuesday, April 03, 2007 4:16 PM
> To: wp-hackers at lists.automattic.com
> Subject: RE: [wp-hackers] Wordpress Event Viewer Plugin
>
> A word of warning, please realize that some users will be highly offended if
> they find out failed passwords are logged in plain text anywhere in the
> system.  You would be logging failed attempts by valid users as well as fake
> ones.
>
> There's a disconnect in people's minds between the fact that they are
> sending a password to a webserver and the fact that it can be read by the
> people who run the site.  The thought that some sites are likely created
> just to harvest passwords is a bit bothersome, but I'm sure it's true.  I
> just hope it's not true of any really popular sites.
>
> I once saw someone write one of these plugins for another web app and they
> had it email the invalid login attempts (with mistyped passwords) to the
> admin email address.  Well the admin email address for this site delivered a
> list of about 20 people.  So those people all saw the mistyping and pretty
> much could guess at what the passwords really should have been.  That
> included failed admin logins too.  Also users tried alternative passwords
> that had been used at other sites and they thought they had used at this
> site too.  Since each admin had different privileges, this was a complete
> security breakdown.  The plugin was quickly turned off.
>
> There are some real-life issues here.  The passwords are stored in an
> "encrypted" field in WordPress for a reason.  I'd also worry that if you
> included a failed password logging feature, someone would hack your plugin
> to simply always email the passwords out for every login.  That wouldn't be
> your responsibility, but the plugin is probably easier to decipher than the
> actual WP login code is.  And it is something to consider.
>
> So, basically if I added a feature like that, I would make certain to
> restrict log access to the admins and to use a nonce so that browsing or
> posting directly to the log viewing page is only allowed by those admins.  I
> would also make it optional and leave it off by default.  But that's just
> me.  Some might not have any problem at all with this.
> _______________________________________________
> Brian Layman
> http://www.TheCodeCave.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
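Brian's closing design (record failed logins without the password, keep the feature off by default, and gate the viewer behind an admin capability plus a nonce) as an added WordPress plugin sketch. This is example code written for this thread, not the Event Viewer plugin under discussion; the option names, menu slug and nonce action are assumptions, while the hooks and API calls are standard WordPress functions.

```php
<?php
// Plugin Name: Failed Login Audit (added example, not the plugin discussed above)
define( 'FLA_OPTION', 'fla_failed_logins' ); // option keys are assumptions
define( 'FLA_MAX', 200 );                     // bound on stored entries

// wp_login_failed receives only the username, so the submitted password never
// reaches this code; we record who, when and from where, and nothing else.
add_action( 'wp_login_failed', 'fla_record' );
function fla_record( $username ) {
    if ( ! get_option( 'fla_enabled', false ) ) {
        return; // off by default, as suggested in the thread
    }
    $log   = (array) get_option( FLA_OPTION, array() );
    $log[] = array(
        'time' => current_time( 'mysql' ),
        'user' => sanitize_user( $username ),
        'ip'   => isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( $_SERVER['REMOTE_ADDR'] ) : '',
    );
    update_option( FLA_OPTION, array_slice( $log, -FLA_MAX ), false );
}

// Viewer registered under Tools with manage_options: non-admins never reach the callback.
add_action( 'admin_menu', 'fla_menu' );
function fla_menu() {
    add_management_page( 'Failed Logins', 'Failed Logins', 'manage_options',
        'fla-failed-logins', 'fla_page' );
}

function fla_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' ); // defence in depth, re-checked here
    }
    echo '<div class="wrap"><h1>Failed logins</h1>';
    if ( ! isset( $_GET['fla_nonce'] ) ) {
        // First visit shows only a nonced link; browsing straight to the URL reveals nothing.
        $url = wp_nonce_url( admin_url( 'tools.php?page=fla-failed-logins' ),
            'fla_view_log', 'fla_nonce' );
        echo '<p><a href="' . esc_url( $url ) . '">Show log</a></p></div>';
        return;
    }
    check_admin_referer( 'fla_view_log', 'fla_nonce' ); // forged or stale nonce ends the request
    echo '<ul>';
    foreach ( (array) get_option( FLA_OPTION, array() ) as $e ) {
        echo '<li>' . esc_html( "{$e['time']} {$e['user']} from {$e['ip']}" ) . '</li>';
    }
    echo '</ul></div>';
}
```

Enabling the feature is left to an admin setting the `fla_enabled` option; the log is capped so it cannot grow without bound, and no email is sent at all.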
