[wp-hackers] Zombies aimed at WordPress

ifelse wordswithstyle at gmail.com
Thu Oct 13 14:57:17 GMT 2005


> Oh, sorry...! My misinterpretation. The only glaring pitfall is that it covers WordPress only
Actually, Bad behaviour provides cover to any PHP powered site.
There's a convenient plugin for WP but you can plug it into a non-WP
site easily.

On 13/10/05, Roy Schestowitz <r at schestowitz.com> wrote:
> _____/ On Thu 13 Oct 2005 14:24:18 BST, [Jason Bainbridge] wrote : \_____
>
> > On 10/13/05, Roy Schestowitz <r at schestowitz.com> wrote:
> >> ...
> >> * Bad Behaviour - needs access to server (pointed out here)
> >
> > Uhm no it doesn't and hence why several times you've been recommended
> > to install it:
> >
> > http://www.ioerror.us/software/bad-behavior/in...
> >
> > Well unless you call FTP'ng the plugin files "Access to the server"
> > but if you don't have FTP well no comment...
>
>
> Oh, sorry...! My misinterpretation. The only glaring pitfall is that it covers
> WordPress only, which probably occupies around 10% of my site's content. There
> is indeed an advantage to using a single, uniformal CMS across the entire site
> as opposed to a diversity. It decreases the amount of work associated with
> critical updates and it saves some learning curve, complements integration and
> so forth. Then again, what would you do when features "in the wild" do not
> overlap sufficiently? For example, image galleries using WordPress, Wiki
> intergation with/encapsulation in WordPress, Forums and blog software...
>
>
> _____/ On Thu 13 Oct 2005 15:19:30 BST, [John Ha [c]] wrote : \_____
>
> > 3rd time lucky? haha...bad-behaviour does not need server access. it's a
> > plugin. drop in and activate, then forget. so if u have access to your admin
> > pages you can use bad-behaviour. (i view logs using phpadmin - althought
> > bb-stats can be used to see stats generated from this plugin)
> >
> > john ha
>
> This might serve as a temporary solution. If the attacker moves to
> other pages,
> I will be exposed again. A solution at Apache (or equiv.) level seems
> better in
> the long run.
>
>
> _____/ On Thu 13 Oct 2005 15:16:18 BST, [Jason A. Trommetter] wrote : \_____
>
> > I've been very happy with Referrer Karma from
> > http://unknowngenius.com/blog/
> >
> > It catches thousands of referrer spam hits per day and I suppose it's
> > blocking zombies also? It integrates very easily into WordPress and
> > cooperates nicely with Spam Karma.
>
> Will it not be hard to tell what it does 'behind the scenes'? I mean,
> apart from
> reviewing the code, there need to be some good summaries. Spaminator, for
> example, was terrible as it killed some genuine comments and it only logged
> using individual E-mails. Looking at each E-mail in turn was impractical,
> laborious and error-prone. When you compose your own rules and keep them
> simple, it is easier to know what is going on. Thus, you are bound to
> feel more
> relieved with the plug-in/s enabled. There were other such plug-ins which were
> problematic. CAPTCHA plug-ins, for instance, caused me (Well... commenters
> rather) a lot of trouble.
>
> The little I have done seems to have led to same cessation in the number of
> attacks. It's based on a very short time period though, so I can't get
> my hopes
> up, yet.
>
> The following was published 3 hours ago:
>
> http://www.pcpro.co.uk/news/78589/uk-as-zombie-nation-in-doubt.html
>
> Roy
> --
> Roy S. Schestowitz      | "Black holes are where God is divided by zero"
> http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
>   3:30pm  up 49 days  3:44,  4 users,  load average: 0.66, 0.64, 0.55
>       http://iuron.com - next generation of search paradigms
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


--
Phu
http://ifelse.co.uk


More information about the wp-hackers mailing list