charleshking
Forum Replies Created
Forum: Fixing WordPress
In reply to: Site Hacked
I notice that the injected code I posted got redacted… that seems fair enough 🙂 sorry…
but, is there any way – or anywhere – I can get some advice on it?
Cheers
Charlie
Forum: Fixing WordPress
In reply to: Site Hacked
Thanks, Tara 🙂
I’ve got most of those on my reading list at the moment, but there’s a few extra ones there!
I’d be interested to know what this particular exploit is, but it’s tricky to google examples of obfuscated PHP…
Cheers
Charlie
songdogtech – Ah, ok I see what you mean. Presumably that would work if my client’s site is being attacked by IP address, and not by its web address (which would seem odd, but hey).
As I replied to mrmist, I can see that just blocking access to the network in question is a potential solution, be that with my host’s help or by .htaccess, but that strikes me as massaging the symptoms rather than addressing the disease. One would hope that a legitimate hosting company would be more keen to provide reasonable control of their customers…
I like the http://perishablepress.com/stupid-htaccess-tricks/ article, thank you. I didn’t know that one can filter an entrant address by CIDR number! Thank you.
Cheers
Charlie
mrmist – I did consider that, and it’s a potential solution, but according to ARIN, they have 15 class C networks allocated and blocking the whole range seems a tad drastic (and will likely affect innocent bystanders).
I did consider redirecting their net in .htaccess to a page saying ‘sorry too much abusive traffic from your host, please ask your administrator for help’.
I’m not familiar with how things work in the USA, but I believe in Europe that if I sign an agreement with an upstream ISP, then it will include clauses requiring me to be proactive in preventing abuse from within my allocation. If that were the case, for example, a form ‘Cease and Desist’ copied to the upstream provider ought to sharpen their thinking (they can’t resell a product that they aren’t able to source…)
Otherwise, I could just roll over and ignore it, and accept the hit in functionality – it’s not hugely significant after all – but the principle of allowing dodgy behaviour to go unchallenged on the basis that it’s ‘a bit of an effort’ is only going to encourage it.
Cheers
Charlie
Thank you for your reply, songdogtech.
For clarification, I’m not talking about my host – I’m talking about the other host: a commercial provider who seems happy to allow attacks to be carried out from within his network. Changing my host won’t change that.
The reason I’m asking about this on a WordPress forum is that it is an attack specific to WordPress that, doubtless, other WordPress administrators have experienced, and will experience again.
A practical way to deal with this kind of thing would be a useful asset to a community of CMS admins, I suspect.
Cheers
Charlie
Forum: Fixing WordPress
In reply to: Weird host log entries. Possible attack?
Thank you esmi.
I don’t post via email, but I kind of think that it is polite to accept pingbacks. I read that article with interest, and will probably disable xmlrpc at least for a little while.
Mind you, if I’m mucking around in htaccess, the temptation will be strong to serve back something large and/or distasteful 🙂
Cheers
Charlie