[geeklog-devel] geeklog-devel Digest, Vol 93, Issue 6
Michael Brusletten
ironmax at spacequad.com
Sat May 17 14:47:57 EDT 2014
Wim,
I'm really surprised that you're not using ZBBLOCK by now. It eliminates the
overhead in so many ways, not to mention the hits on the web server not having
to process the extra traffic. The signature file(s) are customizable to
what you want to allow to pass or not.
The reason why hackers/spammers do what they do is simple: greed, for
fun, not caring about anyone else. Plus any other reason you could think
of that would be beneficial to themselves.
Michael
Message: 2
Date: Sat, 17 May 2014 17:28:35 +0200
From: Wim Niemans <niemans at nlbox.com>
To: Geeklog Development <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] security issue editor(s)
Message-ID: <E6E0C351-65C3-4EA7-9458-290943D35389 at nlbox.com>
Content-Type: text/plain; charset="windows-1252"
> The downside of using popular open source code for different features is
> you will get bots looking for security holes. I get tons of bots hitting
> my site looking for specific wordpress and joomla files.
Quite interesting. I'm running GL now for more than 10 years, and my new
site gains about 1Gb/month access without a clear clue why.
I'm blocking any IP that tries to login more than 1 time in a second. My
Apache log now contains nearly exclusively the access denied Apache
message.
And this makes me wonder. I run several sites, and this one is the only one
with heavy hacker access, for 10 years. It's also the only one running GL
2.
I have 2 thoughts on this:
[1]: there must be something resident in GL that attracts hackers and
the like. Maybe it is just the published access log?
[2]: this type of access would be useful to earn some money, f.i. with Ad
words on these specific spots and registration pages.
> One feature request to maybe make things more secure is that we could
> allow only so many requests by an ip to a feature they don't have access
> to before it is blocked for a period of time. The problem with this is we
> could also end up blocking Googlebot etc.. by accident (when they try to
> access stuff they shouldn't)
Well, if GoogleBot tries to login, it should be blocked immediately, don't
you agree?
And... all these accesses to non-authorised places could be equipped with
targeted ads. Isn't that a great way to exploit hacking?
I see a lot of login/registration spoofing with disposable email addresses
(lives 30 mins).
And I think the easy way to avoid these spammer logins/registrations would
be setting a cookie with a one time token. That cookie exists as long as the
new user needs to come again after receiving the confirmation email. Which
means that next access is only granted when the site is visited again with
the very same browser instance.
Wim
On 17 May 2014, at 16:52, Tom <websitemaster at cogeco.net> wrote:
> I believe it was Dengen who integrated the CKEditor so hopefully he will
> provide a more in-depth answer.
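The one-time-token cookie Wim proposes above, written out as an added example (not Geeklog code, and not from anyone in this thread): a pending registration is completed only when the token from the confirmation email and the token stored in the browser cookie at sign-up both match the same record, so a confirmation opened from a different browser instance (no cookie, or another cookie) fails, and the record is consumed on success. `PENDING_TTL` and the in-memory store are assumptions for the example.

```python
import hmac
import secrets
import time

# Assumed for the example: how long a pending registration stays valid.
PENDING_TTL = 24 * 3600  # seconds


class PendingRegistrations:
    """In-memory stand-in for a pending-registration table (assumption)."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested
        self._pending = {}  # link_token -> (email, cookie_token, expires_at)

    def register(self, email):
        """Start a registration. Returns (cookie_token, link_token):
        cookie_token is set in the browser cookie, link_token goes into
        the confirmation email. Both are independent random secrets."""
        cookie_token = secrets.token_urlsafe(32)
        link_token = secrets.token_urlsafe(32)
        self._pending[link_token] = (email, cookie_token, self._now() + PENDING_TTL)
        return cookie_token, link_token

    def confirm(self, link_token, cookie_token):
        """Complete the registration only if the link token from the email
        and the cookie token from the browser belong to the same pending
        record and it has not expired. Returns the email, or None."""
        record = self._pending.get(link_token)
        if record is None:
            return None
        email, expected_cookie, expires_at = record
        if self._now() > expires_at:
            del self._pending[link_token]  # stale: drop it
            return None
        # Missing cookie (other browser) or mismatch: reject. Constant-time
        # comparison so the cookie value cannot be guessed byte by byte.
        if not cookie_token or not hmac.compare_digest(cookie_token, expected_cookie):
            return None
        del self._pending[link_token]  # one-time: a second use fails
        return email


if __name__ == "__main__":
    reg = PendingRegistrations()
    cookie, link = reg.register("newuser@example.invalid")  # constructed
    print("other browser:", reg.confirm(link, None))      # None
    print("same browser :", reg.confirm(link, cookie))    # the email
    print("replay       :", reg.confirm(link, cookie))    # None
```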