
Thread: Example of hacking URLs

  1. #11
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,252
    Thanks
    173
    Thanked 303 Times in 230 Posts
    As I am developing my own CMS, this kind of problem is interesting to solve.

    It automatically denies their IP through the .htaccess file.
    I think it is most efficient to have code that adds IPs to the .htaccess file rather than a plugin that checks IPs against a database.

    But on my blog....they end up at my main page.
    Some problems with that approach are that it inflates your web stats with garbage, and wastes bandwidth.

    I'm not a fan of mass IP range banning
    Nor me, but that list I used is only covering small subnets rather than say: 222. If we build our own ban list, it may not work since every time it may be a new IP.
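
One way to do the "code that adds IPs to the .htaccess file" discussed in post #11, as an added example that is not part of the thread or any poster's code. It assumes Apache 2.4 `Require` syntax and uses hypothetical marker comments and a hypothetical `ban_ip` helper; the point is that the address must be validated before it is written into a configuration file.

```python
import ipaddress
import os
import tempfile

BEGIN, END = "# BEGIN auto-ban", "# END auto-ban"  # hypothetical marker lines


def ban_ip(htaccess_path, raw_ip):
    """Add raw_ip to the managed block; return True if the file changed."""
    # raw_ip comes from the request, and .htaccess is configuration: accept
    # only one literal address. ValueError is raised for anything else.
    addr = ipaddress.ip_address(raw_ip)
    # IPv6 zone IDs ("fe80::1%eth0") are free-form text in some Python
    # versions, so they could smuggle a newline and a directive. Reject them.
    if getattr(addr, "scope_id", None) is not None:
        raise ValueError("scoped addresses are not accepted")
    ip = str(addr)  # normalised form, e.g. lower-case IPv6

    try:
        with open(htaccess_path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    except FileNotFoundError:
        lines = []

    banned, rest = [], lines
    if BEGIN in lines and END in lines:
        start, stop = lines.index(BEGIN), lines.index(END)
        if start < stop:
            banned = [l.split()[-1] for l in lines[start:stop]
                      if l.strip().startswith("Require not ip ")]
            rest = lines[:start] + lines[stop + 1:]
    if ip in banned:
        return False  # already listed, leave the file untouched

    # Apache 2.4 syntax (assumed); 2.2 used "Deny from <ip>" instead.
    block = [BEGIN, "<RequireAll>", "    Require all granted"]
    block += [f"    Require not ip {b}" for b in banned + [ip]]
    block += ["</RequireAll>", END]

    # Write a temp file in the same directory and rename it over the
    # original, so Apache never reads a half-written .htaccess.
    directory = os.path.dirname(os.path.abspath(htaccess_path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(block + rest) + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the server must read it
    os.replace(tmp, htaccess_path)
    return True
```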

  2. #12
    TopDogger is offline Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,050
    Thanks
    345
    Thanked 909 Times in 694 Posts
    Unfortunately, the only way to block spammers, hackers and content scrapers is through a mass banning of IPs. The problem with the Chinese hackers is so severe that it is literally taking thousands of servers down while an attack is being launched.

    The latest WordPress Brute Force Attack is one of the most difficult to block because it consists of hits from over 90,000 IPs on infected servers and PCs around the world.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  3. #13
    Andy101
    Obscuring the admin page URL is a very basic first line of defense. Don't make it a standard URL embedded into the default template. Make the hackers work hard at every step.

    Content scraping must be near impossible to block. The defense is to be recognized as the original source I guess? The most trusted source for the info. etc.

  4. #14
    TopDogger
    I added Bot Trap to all of my WordPress sites due to the problem with automated scrapers and spam bots. It blocked over 3,000 IPs within the first year.


  5. #15
    Andy101
    Running my own server allows for the one .htaccess file to apply to all of the websites. I like this way of working where you only need to update one file to nip things in the bud before all of the log files are polluted.

    Same with WordPress updates, now I only have one install of the script to deal with.

    Ideally, the firewall would block them before they get to the server. But for me, the firewall admin is too tricky.

    This kind of service would be a great selling point for specialized hosting I think where you don't need to install copies of popular scripts on your hosting directly. And the hosting company blocks bad bots etc.

  6. #16
    StevePoster is offline Explorer from Nowhere
    Join Date
    Oct 2013
    Location
    Philippines
    Posts
    233
    Thanks
    0
    Thanked 9 Times in 9 Posts
    I'm amazed at the conversations after having read all of your discussion, and I must say that you are much wiser than them (hackers). I'm not familiar with programming languages, but I understand the analysis happening in this thread. I must say that if you are a brilliant website developer or programmer, use it in proper ways.
