I posted _PHPLIB[libdir] Cross Site Scripting Exploit Explained a while back. Now I’m getting tired of these bozos trying to hack my system in vain, wasting my bandwidth and driving up fake page views in my StatPress. So I decided to patch wp-ban to include what I consider bad URLs.
So first, install wp-ban 1.50 by following these directions. My recommendation is to have wp-ban configured, up and running first.
Updating wp-ban to include bad URL ban
The easy way
I’ve made a patch file that you can apply directly to your existing wp-ban folder. Here are the steps:
- Make sure you have wp-ban 1.50. If you have something lower, please upgrade to wp-ban 1.50 first. If yours is higher, you can try the manual way on page 2 or leave me a note as I’ll need to update the patch to work on version > 1.50.
- Back up, BACK UP, BACK UP your existing wp-ban directory.
user@www:~/wp-content/plugins$ cp -R wp-ban wp-ban.bak
- Before we apply the patch, let’s disable wp-ban. In wp-admin, navigate to Plugins -> Installed and click the deactivate link for wp-ban.
- Download the wp-ban bad URL patch file and save it in the wp-content/plugins/wp-ban directory.
- OPTIONAL. If your system doesn’t have the patch program yet, install it by running the command below (on Debian-based systems):
user@www:~$ sudo apt-get install patch
- Patch your existing wp-ban installation to add the bad URL functionality.
user@www:~/wp-content/plugins/wp-ban$ sudo patch -p1 -i \
> wp-ban.1.50.bad-urls.patch
patching file ban-options.php
patching file wp-ban.php
- Reactivate wp-ban
- In wp-admin, navigate to Settings -> Ban. You should see all your previous settings plus one new row for the bad URL settings.
- My recommendation is to add the following 3 lines in the Banned Ban URLs section.
If you find any other URL patterns worth mentioning, please do me a favor and add them in the comments. Thank you.
- Test your newly pimped out wp-ban. If it doesn’t work, restore the backup. (You DID make a backup, didn’t you?)
If for some reason the easy way doesn’t work for you, or you have a wp-ban version other than 1.50, go on to the next page. We’ll have to do it the hard way.
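For readers who want to see what a bad URL ban of this kind boils down to, here is an added example written for this post; it is neither wp-ban’s code nor the contents of the patch. It assumes a settings variable holding one pattern per line (as a plugin textarea would), and the function names and the second pattern are invented; only _PHPLIB[libdir] comes from the post.

```php
<?php
// Added example, not wp-ban's code or the patch: a minimal bad URL ban hook.
// $hypothetical_bad_url_settings stands in for the plugin's textarea setting.
// _PHPLIB[libdir] is from the post; the second pattern is a constructed placeholder.
$hypothetical_bad_url_settings = "_PHPLIB[libdir]\n/example-probe-path/";

// Split the settings text into trimmed, non-empty, lower-cased patterns.
function bad_url_patterns( $settings ) {
    $patterns = array();
    foreach ( preg_split( '/\r\n|\r|\n/', $settings ) as $line ) {
        $line = trim( $line );
        if ( $line !== '' ) {
            $patterns[] = strtolower( $line );
        }
    }
    return $patterns;
}

// Return the matching pattern when the request URI contains one, else false.
// The URI is URL-decoded once so an encoded form of the probe (e.g. %5B for
// the bracket) does not slip past a plain substring match.
function bad_url_match( $request_uri, $patterns ) {
    $uri = strtolower( rawurldecode( $request_uri ) );
    foreach ( $patterns as $pattern ) {
        if ( strpos( $uri, $pattern ) !== false ) {
            return $pattern;
        }
    }
    return false;
}

// Hook early and answer a probe with a bare 403 instead of rendering a page,
// which is what saves the bandwidth and stops the fake StatPress page views.
function ban_bad_url_request() {
    global $hypothetical_bad_url_settings;
    $uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
    $hit = bad_url_match( $uri, bad_url_patterns( $hypothetical_bad_url_settings ) );
    if ( $hit !== false ) {
        status_header( 403 );   // WordPress helper that sends the HTTP status line
        nocache_headers();      // make sure the 403 is not cached by proxies
        exit( 'Forbidden' );
    }
}
add_action( 'init', 'ban_bad_url_request' );
```

Matching is a case-insensitive substring test on the decoded URI, so a pattern like _PHPLIB[libdir] also catches query strings that carry it after other parameters.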