{"id":1037,"date":"2014-11-13T10:28:22","date_gmt":"2014-11-13T14:28:22","guid":{"rendered":"http:\/\/www.blogseye.com\/?p=1037"},"modified":"2014-11-13T10:29:27","modified_gmt":"2014-11-13T14:29:27","slug":"malicious-attack-last-night","status":"publish","type":"post","link":"http:\/\/blogseye\/2014\/11\/malicious-attack-last-night.html","title":{"rendered":"Malicious attack last night"},"content":{"rendered":"<p>I have an experimental plugin that detects SQL injection and malicious code insertions attacks. I watch the Apache logs and another log that I create for odd things, and I have found robot probes that try to insert SQL into get strings or PHP eval functions that load up encrypted code.<\/p>\n<p>The plugin works well and I catch dozens of attempts per day. Unfortunately, the plugin that updates the htaccess file in real time now puts a comment that contains the offending string. One of the strings had an interesting combination of garbage (by chance, I think) that corrupted the htaccess file. As a result the site was down from around 1 AM until 8:40 this morning. I have fixed the plugin to properly truncate and encode strings so that the file does not screw up again. <\/p>\n<p>I am sorry for anyone who needed to access the site during this time.<\/p>\n<p>BlogsEye.com is my test bed. I run bleeding edge nightlies from WordPress and if it goes down there is no great loss to me. I just fix the problem and bring it up. There are, however, a hundred or so surfers who appear to be human according to the logs, so the problem must have blocked at least a few dozen people from accessing the site last night. Probably the greater damage to me was the beneficial spiders like GoogleBot hitting a brick wall and hurting my search rankings.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have an experimental plugin that detects SQL injection and malicious code insertions attacks. I watch the Apache logs and another log that I create for odd things, and I have found robot probes that try to insert SQL into get strings or PHP eval functions that load up encrypted code. The plugin works well [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1037"}],"collection":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/comments?post=1037"}],"version-history":[{"count":3,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1037\/revisions"}],"predecessor-version":[{"id":1040,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/1037\/revisions\/1040"}],"wp:attachment":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/media?parent=1037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/categories?post=1037"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/tags?post=1037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}