Eli's WordPress Blog

My WordPress Plugins, and other stuff.

Tag Archives: security

Just what do you think you are doing, Dave?

Posted on May 3, 2013 by Eli Scheetz

In the last two weeks I have been working on perfecting a patch for the wp-login.php page that will prevent a swarm of brute-force attacks from guessing your password or bringing down your server. When I first released this patch it was a bit overzealous and caused a few people to be temporarily locked out of their own blogs as their login attempts were incorrectly identified as brute-force attacks.

This patch of mine has also caused a small wave of paranoia because it displays the unconventional (and possibly spooky) message “Just what do you think you are doing, Dave?” whenever a brute-force attack or too many failed logins is detected. This message is a quote from the movie 2001: A Space Odyssey. Even though I intended this message to bring out the humor of the situation, I also feel it is very relevant (unless your name is not Dave :-)

The linked response “Open the Pod bay doors, HAL!” is also a quote from the same movie, and it is just there to link you back to the login page should you want to try to log in again.

I have also received many inquiries as to why the wp-login.php file is flagged as a WP Login Exploit on every install of WordPress, even brand-new installs of the most current version. This is simply because WordPress has no built-in brute-force protection, so its login page is exploitable. The widespread attacks on login pages around the world of late have clearly demonstrated that it is not only vulnerable to password cracking via brute force but can also be overloaded, bringing down a whole server if the attacks are numerous enough. That is why my patch also prevents the loading of the WordPress bootstrap once a brute-force attack is detected, so that your server’s resources are not tied up just telling hackers whether they guessed the right password or not.
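To make the two design points above concrete (count failures per source, and refuse a throttled request before WordPress is even loaded), here is an added illustration. It is not code from GOTMLS or from WordPress core; the directory, the thresholds and the file-backed counter are assumptions chosen for the example, and the decay of old failures is there precisely to avoid the kind of lockout of legitimate users described at the top of the post. `wp_login_failed` and `wp_login` are real WordPress actions, but they only fire after the bootstrap, so the gate itself has to run earlier.

```php
<?php
// login-throttle.php: added example, not code from GOTMLS or WordPress core.
// Require this at the very top of wp-login.php, before wp-load.php, so a
// request that is already throttled never pays for the WordPress bootstrap.
// Assumptions (illustrative, not from the post): counters live as JSON files in
// THROTTLE_DIR outside the web root, and the limits below are placeholders.

const THROTTLE_DIR     = '/var/tmp/login-throttle'; // hypothetical path
const THROTTLE_MAX     = 10;   // failed attempts tolerated within the window
const THROTTLE_WINDOW  = 600;  // seconds of failure history that still counts
const THROTTLE_LOCKOUT = 900;  // seconds a source is refused once over the limit

function throttle_path(string $ip): string
{
    // Hashing the address keeps path characters out of the filename.
    return THROTTLE_DIR . '/' . hash('sha256', $ip) . '.json';
}

function throttle_load(string $ip): array
{
    $empty = ['fails' => [], 'locked_until' => 0];
    $path  = throttle_path($ip);
    if (!is_file($path)) {
        return $empty;
    }
    $data = json_decode((string) file_get_contents($path), true);
    return is_array($data) ? $data + $empty : $empty;
}

function throttle_save(string $ip, array $state): void
{
    if (!is_dir(THROTTLE_DIR)) {
        mkdir(THROTTLE_DIR, 0700, true);
    }
    file_put_contents(throttle_path($ip), json_encode($state), LOCK_EX);
}

// Forget failures older than the window. Without this decay, a handful of
// typos spread over days would add up to the lockouts the post describes.
function throttle_prune(array $state, int $now): array
{
    $state['fails'] = array_values(array_filter(
        $state['fails'],
        fn ($t) => (int) $t > $now - THROTTLE_WINDOW
    ));
    return $state;
}

function throttle_is_blocked(string $ip, int $now): bool
{
    $state = throttle_prune(throttle_load($ip), $now);
    return $state['locked_until'] > $now || count($state['fails']) >= THROTTLE_MAX;
}

// Wire these two to WordPress once it has loaded, for example:
//   add_action('wp_login_failed', fn () => throttle_record_failure($_SERVER['REMOTE_ADDR'], time()));
//   add_action('wp_login',        fn () => throttle_record_success($_SERVER['REMOTE_ADDR']));
function throttle_record_failure(string $ip, int $now): void
{
    $state = throttle_prune(throttle_load($ip), $now);
    $state['fails'][] = $now;
    if (count($state['fails']) >= THROTTLE_MAX) {
        $state['locked_until'] = $now + THROTTLE_LOCKOUT;
    }
    throttle_save($ip, $state);
}

function throttle_record_success(string $ip): void
{
    // A correct password clears the slate, so a user who finally remembers
    // it is not punished for the attempts that came before.
    $path = throttle_path($ip);
    if (is_file($path)) {
        unlink($path);
    }
}

// The gate itself: answer cheaply and stop before WordPress is bootstrapped.
$ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
if (throttle_is_blocked($ip, time())) {
    http_response_code(429);
    header('Retry-After: ' . THROTTLE_LOCKOUT);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Just what do you think you are doing, Dave?\n";
    exit;
}
```

Two caveats a practitioner will want: behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so every visitor shares one counter unless the real client address is taken from a forwarded header that only a known, trusted proxy is allowed to set; and a per-address counter bounds the rate from each source, not the campaign as a whole, which is why the early exit before the bootstrap matters as much as the lockout itself.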

I hope this helps answer your questions about this new threat and my approach to solving it. Feel free to leave a comment if I could do better explaining anything.


Posted in Anti-Malware | Tagged security, wp-login.php | 4 Replies

Now available in the WordPress Repository

Posted on March 26, 2012 by Eli Scheetz

I just released my new Anti-Malware plugin for WordPress. It is still in BETA but I think it will be very helpful in removing malicious scripts and patching security vulnerabilities.

An example scan that found some threats

Please leave feedback and donate whenever possible.


Posted in Anti-Malware | Tagged plugins, security, WordPress | 10 Replies
