Archive for November, 2014

Malicious attack last night

Thursday, November 13th, 2014

I have an experimental plugin that detects SQL injection and malicious code insertion attacks. I watch the Apache logs and another log that I create for odd things, and I have found robot probes that try to insert SQL into GET strings or PHP eval functions that load up encrypted code.

The plugin works well and I catch dozens of attempts per day. Unfortunately, the plugin that updates the htaccess file in real time now puts a comment that contains the offending string. One of the strings had an interesting combination of garbage (by chance, I think) that corrupted the htaccess file. As a result the site was down from around 1 AM until 8:40 this morning. I have fixed the plugin to properly truncate and encode strings so that the file does not screw up again.

I am sorry for anyone who needed to access the site during this time.

BlogsEye.com is my test bed. I run bleeding edge nightlies from WordPress and if it goes down there is no great loss to me. I just fix the problem and bring it up. There are, however, a hundred or so surfers who appear to be human according to the logs, so the problem must have blocked at least a few dozen people from accessing the site last night. Probably the greater damage to me was the beneficial spiders like GoogleBot hitting a brick wall and hurting my search rankings.
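
One way to do the truncate-and-encode fix described above, as an added example that is not the plugin's actual code. The function names, the comment label, the byte cap and the `Deny from` rule are assumptions, and the sample string is constructed.

```php
<?php
// Added example, not the plugin's code. Names, the comment label, the
// byte cap and the "Deny from" rule are assumptions for illustration.
const MAX_RAW_BYTES = 120;

// Make an untrusted request string safe for a one-line .htaccess comment:
// truncate first, then percent-encode, so no CR/LF, control byte, '#' or
// backslash (Apache's line-continuation character) reaches the file.
function htaccess_comment_for(string $raw): string
{
    $encoded = rawurlencode(substr($raw, 0, MAX_RAW_BYTES));
    $suffix  = strlen($raw) > MAX_RAW_BYTES ? ' (truncated)' : '';
    return '# blocked-request: ' . $encoded . $suffix;
}

// Append the comment and a deny rule. The new content goes to a temp file
// in the same directory and is renamed over the original, so a failed
// write cannot leave a half-written .htaccess behind.
function append_block(string $htaccess, string $ip, string $raw): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false; // the address is attacker-influenced too
    }
    $current = is_file($htaccess) ? file_get_contents($htaccess) : '';
    if ($current === false) {
        return false;
    }
    if ($current !== '' && substr($current, -1) !== "\n") {
        $current .= "\n";
    }
    $entry = htaccess_comment_for($raw) . "\nDeny from " . $ip . "\n";
    $tmp = tempnam(dirname($htaccess), 'hta');
    if ($tmp === false || file_put_contents($tmp, $current . $entry) === false) {
        return false;
    }
    chmod($tmp, 0644); // tempnam() creates 0600; Apache must be able to read it
    return rename($tmp, $htaccess);
}

// Constructed sample: control bytes, a line break and a trailing backslash.
$sample = "id=1\x00\x1b[2J'\r\n<garbage> #\\";
$file = sys_get_temp_dir() . '/htaccess-demo-' . getmypid();
append_block($file, '192.0.2.10', $sample);
echo file_get_contents($file);
unlink($file);
```

Truncating before encoding keeps the cut from landing in the middle of a `%XX` escape, and the encoded comment always stays on a single line whatever bytes the request contained.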