
Thread: Example of hacking URLs

  1. #11
    As I am developing my own CMS, this kind of problem is interesting to solve.

    It automatically denies their IP through the .htaccess file.
    I think it is most efficient to have code that adds IPs to the .htaccess file rather than a plugin that checks IPs against a database.

    But on my blog....they end up at my main page.
    Some problems with that approach are that it inflates your web stats with garbage and wastes bandwidth.

    I'm not a fan of mass IP range banning
    Nor me, but that list I used is only covering small subnets rather than say: 222. If we build our own ban list, it may not work since every time it may be a new IP.
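
Added example, not part of the original thread or any poster's code: one way to do what post #11 describes, having code add a banned IP to the .htaccess file. It assumes Apache 2.4 `Require` syntax with `AllowOverride AuthConfig` enabled; the `cms-banlist` markers and the function names are hypothetical.

```python
import ipaddress
import os
import tempfile

BEGIN = "# BEGIN cms-banlist (managed block; marker name is an assumption)"
END = "# END cms-banlist"


def split_managed(text):
    """Return (lines outside the managed block, addresses inside it)."""
    kept, banned, inside = [], set(), False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == BEGIN:
            inside = True
        elif stripped == END:
            inside = False
        elif not inside:
            kept.append(line)
        elif stripped.startswith("Require not ip "):
            banned.add(ipaddress.ip_address(stripped.split()[-1]))
    return kept, banned


def render_block(banned):
    ordered = sorted(banned, key=lambda a: (a.version, int(a)))  # stable output
    rules = [f"    Require not ip {a}" for a in ordered]
    return [BEGIN, "<RequireAll>", "    Require all granted", *rules,
            "</RequireAll>", END]


def ban_ip(htaccess_path, raw_ip):
    """Add raw_ip to the managed block; return True if the file changed."""
    # Raises ValueError unless raw_ip is a literal address, so a crafted
    # value (newline plus extra directives) is never written to the file.
    addr = ipaddress.ip_address(raw_ip)
    text = ""
    if os.path.exists(htaccess_path):
        with open(htaccess_path, encoding="utf-8") as fh:
            text = fh.read()
    kept, banned = split_managed(text)
    if addr in banned:
        return False
    # Write a temp file and rename it, so Apache never reads a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(htaccess_path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(kept + render_block(banned | {addr})) + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; Apache must be able to read it
    os.replace(tmp, htaccess_path)
    return True
```

Existing directives outside the markers are kept as they were; the managed block is rewritten at the end of the file on each change.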

  2. #12
    Unfortunately, the only way to block spammers, hackers and content scrapers is through a mass banning of IPs. The problem with the Chinese hackers is so severe that it is literally taking thousands of servers down while an attack is being launched.

    The latest WordPress Brute Force Attack is one of the most difficult to block because it consists of hits from over 90,000 IPs on infected servers and PCs around the world.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin

  3. #13
    Obscuring the admin page URL is a very basic first line of defense. Don't make it a standard URL embedded into the default template. Make the hackers work hard at every step.

    Content scraping must be near impossible to block. The defense is to be recognized as the original source I guess? The most trusted source for the info. etc.

  4. #14
    I added Bot Trap to all of my WordPress sites due to the problem with automated scrapers and spam bots. It blocked over 3,000 IPs within the first year.

  5. #15
    Running my own server allows for the one .htaccess file to apply to all of the websites. I like this way of working where you only need to update one file to nip things in the bud before all of the log files are polluted.

    Same with WordPress updates, now I only have one install of the script to deal with.

    Ideally, the firewall would block them before they get to the server. But for me, the firewall admin is too tricky.

    This kind of service would be a great selling point for specialized hosting I think where you don't need to install copies of popular scripts on your hosting directly. And the hosting company blocks bad bots etc.

  6. #16
    I'm amazed at the conversation after reading all of your discussion, and I must say that you are much wiser than them (hackers). I'm not familiar with programming languages, but I understand the analysis happening in this thread. I must say that if you are a brilliant website developer or programmer, use it in proper ways.
