I THINK I HAVE A SOLUTION FOR 90% OF ALL SITES BEING ATTACKED

  • What a loser do when he tries to discover a victim to attack? In the case of wordpress, he searches google for the phrase PROUDLY POWERED BY WORDPRESS. This is the start.

    Now, the loser have a list of sites using wordpress.

    The second phase involves the fact that he knows the name of all wordpress’ PHP files. If some of these files has vulnerabilities, he will use them to exploit the site.

    NOW THE SOLUTION FOR ALL PROBLEMS:

    1) imagine that, during installation wordpress files could be named to whatever names user’s want. Imagine a page during installation where the admin could change the names of all wordpress files. The real names of all files could be on a database.

    2) during the installation all wordpress files would be renamed to those chosen by user and these names stored on a database that would be used by WP to know each name.

    3) third, the phrase PROUDLY POWERED BY WORDPRESS should be replaced by an image with the same phrase. Of course, the name of this image could be changed during installation. Same could be done for every string constant on wordpress. Everything constant should allow replacing to make wp’s installations hard to find on google.

    I do that for a long time with scripts like FormMail.pl…that I use under other hard to guess names…

    That’s it.

    I am suggesting this cause my wp installation was attacked and a loser has posted 720 thousand port-sex-medicine advertisings in a week.

    I hope this can be used in some way.

Viewing 3 replies - 31 through 33 (of 33 total)

  • Going back to your original point, you say your site was “attacked”. Are you talking about spam comments, or was the attacker actually able to make posts?

    Thread Starter HairyPotter

    (@hairypotter)

    The attacker was able to make posts. Thousands! In fact, posts and comments. I had to rename the php files in order to stop him. That was the only way to stop him. Nothing appeared to stop him. He posted with total easy. He used some sort of script to run specific files of WP installation, in order to post.

    I am the only one allowed to post. Nobody have neither authorization or even logins/passwords, just me and I never disclosered to anyone.

    amazing!

    I don’t believe this is being suggested as the ONLY method in helping tighten up a site.

    It is true, that obscurity is not an answer to security.

    However, it is part of an overall security plan.

    By simply having the current hard coded directories as a variable, then defining them in the config file, it at least allows someone the option of renaming them to something else.

    It isn’t a cure, or something that couldn’t be figured out, but the case with most people looking to ‘harm’ a site are looking for an easy target. If they can hit 10 easy targets, or 1 or 2 more difficult ones, they always go the route where they stand to gain the most exposure and return on their time.

    Like I said, it’s one option in a list. Part of an overall plan.
    Nothing is fool proof, there is always a hole somewhere. I don’t care who you are, there is always something.

    It comes down to making a hard target. And if you can even prevent 80% of your problems now, you’re still a lot farther along than you were.

    So is it a complete answer? No.

    It’s just another tool to use in the overall plan.

Viewing 3 replies - 31 through 33 (of 33 total)
  • The topic ‘I THINK I HAVE A SOLUTION FOR 90% OF ALL SITES BEING ATTACKED’ is closed to new replies.