Security Issues

Two such issues, actually. 

When I recent­ly installed a SEO plu­g­in, it includ­ed a log of all “404” calls. Each “404” is a serv­er response to an attempt to find a non-exis­tence page the blog. 

One of these issues involves a bla­tant attempt to fish for spe­cif­ic PHP files (the script­ing lan­guage files that serve as the back­ground for the web­site) that have a known secu­ri­ty error. This file, named “timthumb.php” is not present in the stan­dard Word­Press instal­la­tion but it is includ­ed in some themes and plu­g­ins, and is used to manip­u­late screen image files. The intent is to use access to this file to bypass the web­site secu­ri­ty by tak­ing advan­tage of this file’s abil­i­ty to write a any kind of file into the Word­Press direc­to­ry, after which the per­son can use that file to gain access to the entire direc­to­ry sys­tem, upon which they are able to mod­i­fy exist­ing PHP files or install their own soft­ware there. 

For­tu­nate­ly this web­site is not affect­ed: I don’t have or use any oth­er themes or plu­g­ins which include that spe­cif­ic file. How­ev­er, the inter­mit­tent, repeat­ed attempts to find this file does cause some load on the sys­tem and are annoy­ing, which is why I am try­ing to block them any way I can. 

The oth­er issue involves the “spi­der” robot, the web device that scans web­site sites for infor­ma­tion and changes to web­sites. All the major web search sites, like Google, Bing, Yahoo, etc., use them, and for the most part, they are well-behaved. But there is one that is not, and that’s the Baidu spi­der robot. Baidu is the major Chi­nese web search site. Ever since I installed the “404” mon­i­tor, I have seen dozens, if not over a hun­dred, attempts a day of the Baidu spi­der crawl­ing my blog and search­ing for a spe­cif­ic, non-exis­tent file under a com­bi­na­tion of many dif­fer­ent loca­tions. Its almost as if the spi­der robot pro­gram is bad­ly designed and does­n’t under­stand that is com­plete­ly miss­ing the pic­ture here. 

What links these two issues is the fact that I have not been able to block either using the two com­mon web­site func­tions “robots.txt” and “.htac­cess”. The Baidu sys­tem says that its spi­der robot obeys the “robots.txt” file but oth­er web com­men­tary insists that it does­n’t. The scan­ner that hunts for the “timthumb.php” file prob­a­bly does­n’t either. That said, I have set the “robots.txt” file to dis­al­low those two spi­der robots, with­out suc­cess. This is what I am using: 

User-agent: Baiduspider

Disallow: /

User-agent: Baiduspider/2.0

Disallow: /

User-Agent: PycURL/7.19.7

Disallow: /

The oth­er func­tion is to use the “.htac­cess” file, which is a sys­tem lev­el direc­tive to the serv­er to ignore these robots accord­ing to the user agent name they give when attempt­ing to access the web­site. Unfor­tu­nate­ly, this tile is a lit­tle more dif­fi­cult to code. This is what I have been rec­om­mend­ed to use. 

#Block bad bots

SetEnvIfNoCase User-Agent "^Baidu[Ss]pider" bad_bot=1

SetEnvIfNoCase User-Agent "^PycURL" bad_bot=1

Order Allow,Deny

Allow from all

Deny from env=bad_bot

Unfor­tu­nate­ly, it does­n’t appear to work, either. I don’t know if this is a prob­lem of cod­ing the restric­tions or if the restric­tion file is not in the cor­rect places: this is an area that I have lit­tle expe­ri­ence with. My web­site host cus­tomer ser­vice has not been much help, either. 

If any­one has a sug­ges­tion to make, feel free to respond.

Comments are closed.