[geeklog-devel] geeklog-devel Digest, Vol 93, Issue 6

Sat May 17 14:47:57 EDT 2014

Wim,

I'm really surprised that your not using ZBBLOCK by now.  It eliminates the 
overhead in so many ways, not to also the hits on the web server not having 
to process the extra traffic.  The signature file(s) are customizable to 
what you want to allow to pass or not.

The reason is simple on why hackers/spammers do what they do.  Greed, for 
fun, don't care about anyone else.  Plus, any other reason you could think 
of, that would be beneficial to themself.

Michael

Message: 2
Date: Sat, 17 May 2014 17:28:35 +0200
From: Wim Niemans <niemans at nlbox.com>
To: Geeklog Development <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] security issue editor(s)
Message-ID: <E6E0C351-65C3-4EA7-9458-290943D35389 at nlbox.com>
Content-Type: text/plain; charset="windows-1252"

> The downside of using popular open source code for different features is 
> you will get bots looking for security holes.  I get tons of bots hitting 
> my site looking for specific wordpress and joomla files.

Quite interesting. I?m running GL now for more than 10 years, and my new 
site gains about 1Gb/month access without a clear clue why.
I?m blocking any IP that tries to login more than 1 time in a second. My 
Apache log is now containing nearly exclusive the access denied apache 
message.
And this makes me wonder. I run several sites, and this one is the only one 
with heavy hacker access. Since 10 years. It?s also the only one running GL 
2.
I have 2 thoughts on this:
[1]: there must be something resident in GL that attracts hackers and 
thelike. Maybe it is just the published access log?
[2]: this type of access would be useful to earn some money, f.i. with Ad 
words on these specific spots and registration pages.

>  One feature request to maybe make things more secure is that we could 
> allow only so many requests by an ip to a feature they don?t have access 
> to before it is blocked for a period of time. The problem with this is we 
> could also end up blocking Googlebot etc.. by accident (when they try to 
> access stuff they shouldn?t)

Well, if GoogleBot tries to login, it should be blocked immediately, don?t 
you agree?
And?.all these accesses to non-authorised places could be equipped with 
targeted ad?s. Isn?t that a great way to exploit hacking?

I see a lot of login/registration spoofing with disposable email addresses 
(lives 30 mins).
And I think the easy way to avoid these spammer logins/registrations would 
be setting a cookie with a one time token. That cookie exists as long as the 
new user needs to come again after receiving the confirmation email. Which 
means that next access is only granted when the site is visited again with 
the very same browser instance.

Wim

On 17 May 2014, at 16:52, Tom <websitemaster at cogeco.net> wrote:

> I believe it was Dengen who integrated the CKEditor so hopefully he will 
> provide a more in-depth answer. 