[wp-hackers] Hacked blogs

Chris Jean gaarai at gaarai.com
Thu Mar 26 15:10:55 GMT 2009

I'd just like to remind everyone that it is trivially-simply to change 
the user agent string in libwww-perl. So, blocking that user agent does 
nothing to stop people who use randomly-generated user agents with their 
attack scripts while it does block people who create and use innocuous 
scripts for whatever reason.

The problem here isn't libwww-perl (or any other user agent for that 
matter); rather, it is whatever hole is being exploited. If we all just 
block the libww-perl user agent and pat ourselves on the back for a job 
well done, we'll be overrun when the exploiters simply change or 
randomize their user agent string.

As for the matter at hand, I'll be very interested to hear more details 
on the situation Joost. Have you found any leads on what is handling 
that op query string request?

Chris Jean

Peter van der Does wrote:
> As for blocking it: I don't believe it's a bad idea as the only tool I
> can think of that in theory should be able to access my blog would be a
> RSS reader. My main RSS feed is through Google, so only a RSS feed for
> comments is accessed on my site and then the chance of somebody using a
> Perl RSS reader is slim.
> I just don't know of any other tool, written in Perl, that would have
> to access my site.

More information about the wp-hackers mailing list