
Re: [wp-hackers] Zombies aimed at WordPress???

_____/ On Thu 13 Oct 2005 16:04:17 BST, [Jason Bainbridge] wrote : \_____

On 10/13/05, Roy Schestowitz <r@xxxxxxxxxxxxxxx> wrote:
_____/ On Thu 13 Oct 2005 14:24:18 BST, [Jason Bainbridge] wrote : \_____

> On 10/13/05, Roy Schestowitz <r@xxxxxxxxxxxxxxx> wrote:
>> ...
>> * Bad Behaviour - needs access to server (pointed out here)
>
> Uhm no it doesn't and hence why several times you've been recommended
> to install it:
>
> http://www.ioerror.us/software/bad-behavior/in...
>
> Well unless you call FTP'ng the plugin files "Access to the server"
> but if you don't have FTP well no comment...


Oh, sorry...! My misinterpretation. The only glaring pitfall is that it covers
WordPress only, which probably occupies around 10% of my site's content. There
is indeed an advantage to using a single, uniform CMS across the entire site
as opposed to a diversity. It decreases the amount of work associated with
critical updates and it saves some learning curve, complements integration and
so forth. Then again, what would you do when features "in the wild" do not
overlap sufficiently? For example, image galleries using WordPress, Wiki
integration with/encapsulation in WordPress, Forums and blog software...

Huh? First you make a big political speech about zombies targeting WordPress sites only and then a solution to address problems with WordPress isn't adequate as WordPress is only used for 10% of your site, so which is it?


You are right in putting it that way. I mistakenly posted with the subject line
"Re: [wp-hackers] Zombies aimed at WordPress" although I intended to put
question marks at the end. By the time I had posted the message I realised that
it was too late to add indication of doubt. I have just renamed the subject
line, hoping it would not lead to anomalies among other people's E-mail clients
(fragmented threading).


In principle, I sought a solution that will protect the site by principle, not
just WordPress. That's what I had in mind all along. If the spammers 'stop by'
Bad Behaviour et al., I believe that would still muck up the logs.


FYI Bad Behavior also runs with Drupal, MediaWiki, Geeklog and
DotClear out of the box with logging and you can use it on any other
PHP script but you lose the logging unless you are knowledgeable enough
to port it over:

http://www.ioerror.us/software/bad-behavior/installing-and-using-bad-behavior/

Personally I only use Spam Karma 2 at the moment as I only get the
occasional bot trying to post comments and SK2 takes care of that just
fine.

Also I saw you mentioned earlier that you were generating AWStats
during the day (well US time at least), you probably don't want to do
that as that would upset your host more than what the attacks would as
it takes quite a bit of grunt to process those stats.


Yes, I'm aware of the issue with aggregating numbers at the end; it is taking
big lumps of memory, especially when large logs are involved and IP tables can
become huge. Having said that, the attackers change targeted URLs. Some such
URLs take _megabytes_ per page request. It's no coincidence. The attacks aim
for it. Therefore, I must keep abreast of what they do and redirect to
403.shtml as soon as possible. I even removed images and stripped things off
that page temporarily. Had I not done that yesterday, I estimate that roughly
2MB x 30,000 (~60GB) of bandwidth would have been requested for the 'most
sensitive' page which flagged the beginning of these attacks around Oct. 2nd.
Needless to say, that traffic would not have been delivered. The server would
have denied access or ground to a halt. To make matters worse, it is a shared
server.

Roy

--
Roy S. Schestowitz      | Software patents destroy innovation
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
 4:20pm  up 49 days  4:34,  3 users,  load average: 0.33, 0.45, 0.45
     http://iuron.com - next generation of search paradigms
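
An added example, not part of the original message or of any tool named in the thread: a single streaming pass over Apache access-log lines that ranks request paths by bytes served, so the page being hammered (and whether the 403 response is taking effect) shows up without a full AWStats run. The log format, the sample lines, the paths and the per-path IP cap are all assumptions.

```python
import re
from collections import defaultdict

# Apache common/combined prefix: ip ident user [time] "METHOD path PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)
MAX_IPS_PER_PATH = 10000  # assumed cap so the per-path IP set cannot grow without bound

def summarise(lines):
    """Stream log lines; return {path: {"hits", "bytes", "ips", "denied"}}."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "ips": set(), "denied": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting mid-log
        # Drop the query string so variants of one page are counted together.
        s = stats[m["path"].split("?", 1)[0]]
        s["hits"] += 1
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        if m["status"] == "403":
            s["denied"] += 1
        if len(s["ips"]) < MAX_IPS_PER_PATH:
            s["ips"].add(m["ip"])
    return stats

def heaviest(stats, top=3):
    """Rank paths by bytes actually served: (path, hits, bytes, distinct_ips, denied)."""
    ranked = sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return [(p, s["hits"], s["bytes"], len(s["ips"]), s["denied"]) for p, s in ranked[:top]]

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE = [
    '192.0.2.10 - - [13/Oct/2005:16:00:01 +0100] "GET /big/page.htm HTTP/1.1" 200 2097152 "-" "-"',
    '198.51.100.7 - - [13/Oct/2005:16:00:02 +0100] "GET /big/page.htm?x=1 HTTP/1.1" 200 2097152 "-" "-"',
    '203.0.113.5 - - [13/Oct/2005:16:00:03 +0100] "GET /big/page.htm HTTP/1.1" 403 512 "-" "-"',
    '192.0.2.10 - - [13/Oct/2005:16:00:04 +0100] "GET /blog/ HTTP/1.1" 200 30000 "-" "-"',
    '203.0.113.5 - - [13/Oct/2005:16:00:05 +0100] "GET /big/page.htm HTTP/1.1" 403 - "-" "-"',
    'truncated or garbage line',
]

if __name__ == "__main__":
    for row in heaviest(summarise(SAMPLE)):
        print("%-16s hits=%d bytes=%d ips=%d denied=%d" % row)
```

Feeding it an open log file object instead of `SAMPLE` keeps memory proportional to the number of distinct paths rather than the size of the log.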

