
SEO Egghead Consulting Group is a web development firm dedicated to creating custom, search-engine-optimized web site applications.

We specialize in eCommerce and content management web sites that not only render information beautifully to the human, but also satisfy the "third browser" - the search engine. To us, search engines are people too.


WordPress Firewall Plugin Security Filters

The hacking attempts that this plugin catches are many, but generally fall into the following categories:

1. Directory Traversal —


These attacks usually try to obtain information or files from outside the locations an application intends or normally allows. Such references are sometimes valid, but "../../" generally, and "/etc/passwd" certainly, are a hacker's attempts to expose proprietary information. By default, all references to the above values (and some similar ones) are blocked unless otherwise whitelisted (unblocked).

2. SQL Injection/Tainting —


These attacks usually try to obtain or modify information in a database in a way an application does not expect. Generally, references in application parameters to common MySQL functions and SQL syntax (SELECT *, UNION SELECT, etc.), and certainly very uncommon keywords like "group_concat", are attempts to expose or modify proprietary information. By default, all references to the above values (and similar ones) are blocked unless otherwise whitelisted. Certain WordPress-specific default whitelists are in place so that a post about SQL injection does not trip a false alarm; the above content is therefore generally allowed only in such fields.

3. WordPress-Specific SQL Injection —


The above goes a long way, but if we know more about the application, we can tune the filters and block attacks that reference column and table names specific to it, in this case WordPress. Like the non-specific ones, these attacks try to obtain or modify information in a database in a way WordPress does not expect. And it is not generally common to refer to "wp_SOME_COLUMN_NAME" in anything other than a post body. By default, all references to the above values (and some similar ones) are blocked unless otherwise whitelisted. Certain WordPress-specific default whitelists are in place so that a post about SQL injection does not trip a false alarm; the above content is therefore generally allowed only in such fields.

4. Executable File Upload —


While it is normal to upload graphic files to your blog (.jpg, .gif, .png, etc.), it is generally not common to upload executable files (.php, .exe, etc.). Sometimes attackers will exploit a weakness in an application that allows files uploaded to a gallery of some sort to be executed. Without the proper UNIX (or Windows) permissions, this can be the case. Since such uploads are not so common, these files are entirely rejected unless otherwise whitelisted.

5. Field Truncation —


This attack generally sends a series of whitespace characters or a NULL character to alter or duplicate the value of a parameter. NULLs are generally used to delete the remainder of a string — so SOME + NULL + THING becomes "SOME," and "THING" is lost or ignored. Whitespace is generally used to duplicate a value in a database or validation check where whitespace is ignored and the duplicate is therefore inserted.

6. Remote File Execution —


This attack generally sends an application parameter a foreign file that it will then execute. It is generally a sign of poor programming and is not so common, and most shared hosting providers turn off PHP's "file wrappers" for include()s and require()s, making it less necessary. Unfortunately, this security filter may set off false alarms without proper maintenance, so it is off by default.
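
The block-by-default, whitelist-per-field behaviour described for categories 1, 2, 3 and 5 above can be sketched as follows. This is an added example, not the plugin's own code; the regular expressions, the `content` field name, the whitelist layout and the whitespace threshold are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's source. Patterns are built from the
// strings the page names; field names, whitelist and threshold are assumed.
const FILTERS = [
    'directory_traversal' => '~\.\./|/etc/passwd~i',
    'sql_injection'       => '~\bunion\s+select\b|\bselect\s+\*|\bgroup_concat\b~i',
    'wp_sql_injection'    => '~\bwp_[a-z0-9_]+~i',
    // NULL byte anywhere, or a run of 10+ whitespace characters (assumed threshold)
    'field_truncation'    => '~\x00|\s{10,}~',
];

// Hypothetical whitelist: field name => filters skipped for that field.
// A post body may legitimately discuss SQL, so only the SQL filters are relaxed.
const WHITELIST = [
    'content' => ['sql_injection', 'wp_sql_injection'],
];

// Return [field, filter] pairs for every parameter that trips a filter.
// Nested arrays (e.g. ?a[b]=x) are walked so values cannot hide inside them.
function scan_request(array $params, string $prefix = ''): array
{
    $hits = [];
    foreach ($params as $name => $value) {
        $field = $prefix === '' ? (string) $name : "{$prefix}[{$name}]";
        if (is_array($value)) {
            $hits = array_merge($hits, scan_request($value, $field));
            continue;
        }
        // PHP has already URL-decoded once; decode again to see double-encoded input.
        $decoded = rawurldecode((string) $value);
        $skip = WHITELIST[$field] ?? [];
        foreach (FILTERS as $filter => $pattern) {
            if (!in_array($filter, $skip, true) && preg_match($pattern, $decoded) === 1) {
                $hits[] = [$field, $filter];
            }
        }
    }
    return $hits;
}

// Constructed sample request.
$request = [
    'page'    => '../../etc/passwd',
    'id'      => '1 UNION SELECT user_pass FROM wp_users',
    'login'   => "admin\0x",
    'content' => 'A post about UNION SELECT and group_concat',
];
foreach (scan_request($request) as [$field, $filter]) {
    echo "blocked: {$field} tripped {$filter}\n";
}
```

The `content` field passes even though it contains SQL keywords, because only the two SQL filters are relaxed for it; a traversal string or NULL byte in that same field would still be reported.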