
Re: [wp-hackers] Zombies aimed at WordPress

_____/ On Thu 13 Oct 2005 15:57:17 BST, [ifelse] wrote : \_____

Oh, sorry...! My misinterpretation. The only glaring pitfall is that
it covers WordPress only

Actually, Bad behaviour provides cover to any PHP powered site. There's a convenient plugin for WP but you can plug it into a non-WP site easily.

<snip from site>

...

By default Bad Behavior can provide protection to any PHP script out of the box,
but it cannot provide logging. If you are willing to live without Bad Behavior's
detailed logs, simply install the Bad Behavior folder somewhere on your server,
and then call require_once("/path/to/bad-behavior/bad-behavior-generic.php");
from your PHP script. I recommend placing this function call in a common piece
of PHP code which is loaded from all parts of your PHP-based software, so that
it can provide protection to all parts of your software.

...

</snip>

Bad Behaviour relies on the fact that requests bubble through
bad-behavior-generic.php if I understand this correctly (having not looked at
it in too much depth). What about static pages (the vast majority of my site)?
Or other methods of dynamic page generation?

You are very right at pointing my gross mistake. Bad Behaviour is not WordPress
only, but rather a simplification was made by wrapping it up in a plug-in with
the necessary header and it contains all the necessary files and the rational
progression of steps in the WP main loop.

Bad Behaviour still serves as somewhat of a bubble that needs to be called every
single time a destined PHP script is run (with possible optimisations like "use
once for each UIP, skip thereafter"). Whereas Apache rules can give a long-term
solution, Bad Behaviour will beg for mending every time as upgrade is put in
place. There are a few more issues I can think of...

Cheers,

Roy

