[wp-hackers] Hacked blogs
Chris Jean
gaarai at gaarai.com
Thu Mar 26 15:10:55 GMT 2009
I'd just like to remind everyone that it is trivially-simply to change
the user agent string in libwww-perl. So, blocking that user agent does
nothing to stop people who use randomly-generated user agents with their
attack scripts while it does block people who create and use innocuous
scripts for whatever reason.
The problem here isn't libwww-perl (or any other user agent for that
matter); rather, it is whatever hole is being exploited. If we all just
block the libww-perl user agent and pat ourselves on the back for a job
well done, we'll be overrun when the exploiters simply change or
randomize their user agent string.
As for the matter at hand, I'll be very interested to hear more details
on the situation Joost. Have you found any leads on what is handling
that op query string request?
Chris Jean
http://gaarai.com/
http://wp-roadmap.com/
http://dnsyogi.com/
Peter van der Does wrote:
> As for blocking it: I don't believe it's a bad idea as the only tool I
> can think of that in theory should be able to access my blog would be a
> RSS reader. My main RSS feed is through Google, so only a RSS feed for
> comments is accessed on my site and then the chance of somebody using a
> Perl RSS reader is slim.
>
> I just don't know of any other tool, written in Perl, that would have
> to access my site.
>
More information about the wp-hackers
mailing list