
Updating wp-ban to include bad URLs

Posted: Sunday, September 6th, 2009 at 12:52 am
Updated: Friday, September 11th, 2009 at 8:20 am

I posted _PHPLIB[libdir] Cross Site Scripting Exploit Explained a while back. Now I’m getting tired of these bozos trying to hack my system in vain, wasting my bandwidth and driving up fake page views on my StatPress. So I decided to patch wp-ban to include what I considered bad URLs.

Since I’ll be using wp-ban, it should go without saying that you need WordPress. The changes that I made were for wp-ban 1.50, the current version at the time of this writing.

So first, install wp-ban 1.50 by following these directions. My recommendation is to have wp-ban configured, up and running first.

Updating wp-ban to include bad URL ban

The easy way

I’ve made a patch file that you can directly apply to your existing wp-ban folder. Here are the steps:

  1. Make sure you have wp-ban 1.50. If you have something lower, please upgrade to wp-ban 1.50 first. If yours is higher, you can try the manual way on page 2 or leave me a note as I’ll need to update the patch to work on version > 1.50.
  2. Backup BACKUP BACKUP your existing wp-ban directory.
    user@www:~/wp-content/plugins$ cp -R wp-ban wp-ban.bak
    
  3. Before we apply the patch, let’s disable wp-ban. In wp-admin, navigate to Plugins -> Installed and click the Deactivate link for wp-ban.
  4. Download the wp-ban bad URL patch file. Save it under the wp-content/plugins/wp-ban directory.
  5. OPTIONAL. If your system doesn’t have the patch program yet, install it by running the command below (on Debian-based systems):
    user@www:~$ sudo apt-get install patch
    
  6. Patch your existing wp-ban installation to have bad URL functionality.
    user@www:~/wp-content/plugins/wp-ban$ sudo patch -p1 -i \
    > wp-ban.1.50.bad-urls.patch
    patching file ban-options.php
    patching file wp-ban.php
    
  7. Reactivate wp-ban
  8. On wp-admin navigate to Settings -> Ban. You should see all your previous settings plus one new row for settings of bad URLs.
  9. My recommendation is to add the following 3 lines in the Banned Ban URLs section.
    • includedir=http://
    • _SERVER[DOCUMENT_ROOT]=http://
    • _PHPLIB[libdir]=http://
    • _phplib%5Blibdir%5D=http://
    • WN_BASEDIR=http://
    • _server[document_root]=http://

    If you find any other URL patterns worth mentioning, please do me a favor and add them in the comments field. Thank you.

  10. Test your newly pimped out wp-ban. If it doesn’t work, restore the backup. (You DID make a backup, didn’t you?)
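
The list in step 9 carries separate entries for upper-case, lower-case and percent-encoded spellings of the same parameter. The following is an added example, not part of the wp-ban patch or the original post: it normalizes request URLs before matching so one entry covers all spellings, and counts hits per client in an access log. The function names, the combined log format, the case-sensitive baseline and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# The six entries from step 9, exactly as listed in the post.
BAN_PATTERNS = [
    "includedir=http://",
    "_SERVER[DOCUMENT_ROOT]=http://",
    "_PHPLIB[libdir]=http://",
    "_phplib%5Blibdir%5D=http://",
    "WN_BASEDIR=http://",
    "_server[document_root]=http://",
]
# Client IP and request URI from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def canon(text):
    """Percent-decode three times (covers nested encoding) and lowercase."""
    for _ in range(3):
        text = unquote(text)
    return text.lower()

# Case and encoding variants of one parameter collapse to a single entry.
CANON_PATTERNS = sorted({canon(p) for p in BAN_PATTERNS})

def literal_hit(uri):  # assumed baseline: case-sensitive match on the raw URI
    return any(p in uri for p in BAN_PATTERNS)

def matches(uri):
    """Canonical patterns found in the URI after normalization."""
    c = canon(uri)
    return [p for p in CANON_PATTERNS if p in c]

def scan(lines):
    """Count hits per (client IP, canonical pattern)."""
    hits = Counter()
    for line in lines:
        m = REQUEST_RE.match(line)
        for p in (matches(m.group(2)) if m else []):
            hits[(m.group(1), p)] += 1
    return hits

# Constructed sample lines: documentation IPs, placeholder host.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Sep/2009:00:40:01 +0000] "GET /?_PHPLIB[libdir]=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Sep/2009:00:40:02 +0000] "GET /?_PhpLib%5Blibdir%5d=HTTP://example.invalid/x.txt HTTP/1.1" 200 512',
    '198.51.100.9 - - [06/Sep/2009:00:41:10 +0000] "GET /index.php?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fexample.invalid/x HTTP/1.1" 200 512',
    '192.0.2.44 - - [06/Sep/2009:00:42:30 +0000] "GET /2009/09/updating-wp-ban/ HTTP/1.1" 200 9120',
]
```

Running `scan()` over your own access log before and after step 9 shows which clients the new entries should be catching.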

If for some reason the easy way doesn’t work for you or you have wp-ban other than version 1.50, go on to the next page. We’ll have to do it the hard way.

2 Responses to “Updating wp-ban to include bad URLs”

  1. tygern8r Says:

    AWESOME!! Thanks for the work. I’ve been getting nailed by some Koreans constantly trying the SERVER[DOCUMENT_ROOT] over and over again. Even though I’ve banned them by IP, WP-Ban isn’t banning them. Hopefully this will take care of them. If not, I’ll just have to htaccess them.

  2. Maresa Says:

    Kewl :-) Glad you like it …
