Checking the server logs, I found that 403 Forbidden errors were up from 6% last month to a whopping 31% so far this month! Granted, not every 403 is the result of hostile action. Old links and errant bots account for some of them, but the degree of increase is still quite significant.
The blind file injection/inclusion attacks being made against my site/host’s server came in two forms: one was a PHP script injection attack that tries to take advantage of certain phpBB web forum scripts, and the other was a Txx multiple remote file inclusion exploit. Since I use neither software package, the attacks were fruitless.
phpBB is a very popular web forum software package, but I’d never heard of Txx prior to these attacks. Apparently it’s a Slovakian-made open source content management system. It seems the hackers are casting a very wide net.
I’ve simply banned the IPs where the attempts originated and I’ve gone so far as to ban entire networks. Since my blog is low-traffic, the potential loss in foreign readership is not an issue at all.
Ugh! My .htaccess file is starting to become unwieldy with all these IP bans. I’m hoping it doesn’t come to the point where it starts significantly impacting performance.
I’m also starting to think that I’ll have to create a new installation for the blog and trim down the WordPress plugin bloat. I use quite a few plugins because they’re incredibly handy and add a lot of functionality to the blog. However, the more plugins one uses, the greater the potential for introducing a vulnerability.
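The log check described at the top of this post can be scripted. This is an added example, not the author's code: it computes the share of 403 responses in an access log and counts, per source IP, requests whose query parameters carry a remote URL (the usual shape of a blind remote file inclusion probe). The log lines, paths, parameter names and the `min_hits` threshold are constructed for illustration, and the Apache combined log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in Apache combined log format (documentation IPs, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2008:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2008:10:01:05 +0000] "GET /forum/view.php?root_path=http://example.invalid/a.txt? HTTP/1.1" 403 210 "-" "libwww-perl/5.8"
198.51.100.7 - - [12/Mar/2008:10:01:06 +0000] "GET /cms/inc.php?dir=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.1" 403 210 "-" "libwww-perl/5.8"
203.0.113.5 - - [12/Mar/2008:10:02:00 +0000] "GET /old-post.html HTTP/1.1" 403 210 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2008:10:03:00 +0000] "GET /about/?ref=http HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Captures: client IP, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def looks_like_rfi(target):
    """True if any query parameter value (after URL-decoding) is itself a remote URL."""
    query = urlsplit(target).query
    return any(REMOTE_RE.match(v) for _, v in parse_qsl(query, keep_blank_values=True))


def summarize(log_text, min_hits=2):
    """Return the 403 share and the IPs that sent at least min_hits inclusion probes."""
    total = forbidden = 0
    rfi_by_ip = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        ip, target, status = m.groups()
        total += 1
        forbidden += status == "403"
        if looks_like_rfi(target):
            rfi_by_ip[ip] += 1
    return {
        "total": total,
        "pct_403": round(100 * forbidden / total, 1) if total else 0.0,
        "rfi_by_ip": dict(rfi_by_ip),
        "ban_candidates": sorted(ip for ip, n in rfi_by_ip.items() if n >= min_hits),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The 403 for the old link from 203.0.113.5 counts toward the percentage but does not make that address a ban candidate, which keeps stale links and errant bots out of the block list.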
Tags: exploits, hacking, scraping, script injection