[wp-hackers] Zombies aimed at WordPress [s]
John Ha [c]
mailing-lists at netspace.net.au
Thu Oct 13 15:33:45 GMT 2005
hear hear
----- Original Message -----
From: "Jason Bainbridge" <jbainbridge at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, October 14, 2005 1:30 AM
Subject: Re: [wp-hackers] Zombies aimed at WordPress
On 10/13/05, Roy Schestowitz <r at schestowitz.com> wrote:
> _____/ On Thu 13 Oct 2005 15:57:17 BST, [ifelse] wrote : \_____
>
> >> Oh, sorry...! My misinterpretation. The only glaring pitfall is that
> >> it covers WordPress only
> >
> > Actually, Bad behaviour provides cover to any PHP powered site.
> > There's a convenient plugin for WP but you can plug it into a non-WP
> > site easily.
>
> <snip from site>
>
> ...
>
> By default Bad Behavior can provide protection to any PHP script out of
> the box,
> but it cannot provide logging. If you are willing to live without Bad
> Behavior's
> detailed logs, simply install the Bad Behavior folder somewhere on your
> server,
> and then call
require_once("/path/to/bad-behavior/bad-behavior-generic.php");
> from your PHP script. I recommend placing this function call in a common
piece
> of PHP code which is loaded from all parts of your PHP-based software, so
that
> it can provide protection to all parts of your software.
>
> ...
>
> </snip>
>
> Bad Behaviour relies on the fact that requests bubble through
> bad-behavior-generic.php if I understand this correctly (having not looked
at
> it in too much depth). What about static pages (the vast majority of my
site)?
> Or other methods of dynamic page generation?
You could do something like:
http://www.webpronews.com/webdevelopment/basicdevelopment/wpn-37-20040429HTACCESSWrapperswithPHP.html
To add the PHP to every request for .htm(l) files.
> Bad Behaviour still serves as somewhat of a bubble that needs to be
> called every
> single time a destined PHP script is run (with possible optimisations
> like "use
> once for each UIP, skip thereafter"). Whereas Apache rules can give a
> long-term
> solution, Bad Behaviour will beg for mending every time as upgrade is put
in
> place. There are a few more issues I can think of...
Okay so we are trying to help you stop an attack that is currently
ocurring and instead of implementing measures that we recommend you
waffle on about how better solutions are needed in the long term and
how the solutions don't address all potential problems.
How about instead you implement some or all of the proposed solutions
and limit the effectiveness of the current attack against your site
and then look at longer term solutions that cover all your bases?
Regards,
--
Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
------------------------ [ SECURITY NOTICE ]
------------------------
To: wp-hackers at lists.automattic.com.
For your security, mailing-lists at netspace.net.au
digitally signed this message on 13 October 2005 at 15:35:01 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
------------------- [ CIPHIRE DIGITAL SIGNATURE ]
-------------------
Q2lwaGlyZSBTaWcuAjh3cC1oYWNrZXJzQGxpc3RzLmF1dG9tYXR0aWMuY29tAG1haWxpb
mctbGlzdHNAbmV0c3BhY2UubmV0LmF1AGVtYWlsIGJvZHkAKwkAAHwAfAAAAAEAAAClfk
5DKwkAAGUCAAIAAgACACAe5TcBbmIU6owNe1xZd/iId1LWxoic0s8JYnXeBrMqZgEAoH7
uzw9IZPyJ563ZYHUtH1HUo9KSbjEaKJV3swG1UnofaO/F9+HAj2NoCv5dEZ6zs7q0Bwen
q0ZlCd+B5n287ibaQblaU2lnRW5k
--------------------- [ END DIGITAL SIGNATURE ]
---------------------
More information about the wp-hackers
mailing list