Bad Behavior stops distributed WordPress account cracker

December 2nd, 2009 by Michael Hampton

Spam isn’t the only threat to your web site.

Another very real threat is criminals who run automated attacks against thousands or even millions of web sites, hoping that a few will let them in so they can take over your site, push malicious software on your unsuspecting visitors, and post as many links to their garbage as they want.

On Monday the SANS Internet Storm Center noted one such attack seen in the wild which uses a distributed network of virtual machines that all talk to each other and share data on which passwords they’ve tried against which WordPress blogs.
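The attack described above defeats the usual per-IP counter: each machine in the network makes only one or two guesses, so no single address ever trips a threshold. The defender's view that still catches it is the site-wide one, counting how many distinct addresses are posting to the login page in a short window. The script below is an added example written for this post, not code from Bad Behavior or from the attack script; it parses Apache combined-format access log lines (the sample lines are constructed, using TEST-NET addresses) and compares the two views. The assumption that a 200 response to a login POST means a failed guess, while a 302 means success, reflects how WordPress re-renders the form on a bad password and redirects on a good one, and is a heuristic rather than a guarantee.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format; fields we do not need are skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: seven addresses in TEST-NET-3 each post to the login
# page once or twice inside two minutes, plus one real user (192.0.2.10) who
# logs in successfully (302) and one ordinary page view.
SAMPLE_LOG = """\
203.0.113.1 - - [30/Nov/2009:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.2 - - [30/Nov/2009:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.3 - - [30/Nov/2009:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.4 - - [30/Nov/2009:10:00:22 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.5 - - [30/Nov/2009:10:00:31 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.6 - - [30/Nov/2009:10:00:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.1 - - [30/Nov/2009:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
203.0.113.7 - - [30/Nov/2009:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/4.0"
192.0.2.10 - - [30/Nov/2009:10:01:20 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
192.0.2.10 - - [30/Nov/2009:10:01:35 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://blog.example/wp-login.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
198.51.100.5 - - [30/Nov/2009:10:02:00 +0000] "GET /2009/11/some-post/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0 (X11; U; Linux i686)"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], TS_FMT)
        e["status"] = int(e["status"])
        entries.append(e)
    return entries


def failed_login_posts(entries):
    """POSTs to wp-login.php that did not redirect (heuristic: a failed guess)."""
    return [
        e for e in entries
        if e["method"] == "POST"
        and e["path"].split("?")[0] == "/wp-login.php"
        and e["status"] != 302
    ]


def per_ip_offenders(entries, threshold):
    """Addresses with more than `threshold` failed guesses: the classic per-IP view."""
    counts = defaultdict(int)
    for e in failed_login_posts(entries):
        counts[e["ip"]] += 1
    return {ip for ip, n in counts.items() if n > threshold}


def distributed_alerts(entries, window, threshold):
    """Fixed time windows in which more than `threshold` distinct addresses guessed.

    Returns [(window_start, distinct_ip_count), ...] in time order. A network
    of machines that each guess once still shows up here as one crowd.
    """
    secs = int(window.total_seconds())
    seen = defaultdict(set)
    for e in failed_login_posts(entries):
        epoch = int(e["ts"].timestamp())
        start = datetime.fromtimestamp(epoch - epoch % secs, tz=e["ts"].tzinfo)
        seen[start].add(e["ip"])
    return [(s, len(ips)) for s, ips in sorted(seen.items()) if len(ips) > threshold]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("per-IP offenders (>5 guesses):", per_ip_offenders(entries, 5))
    for start, n in distributed_alerts(entries, timedelta(minutes=5), 5):
        print(f"{start:%Y-%m-%d %H:%M}: {n} distinct addresses guessing passwords")
```

On the sample, the per-IP view with a threshold of five guesses flags nobody, since no address tried more than twice, while the windowed view reports seven distinct guessing addresses in the 10:00 window. The same aggregate view is what a plugin running inside the site can keep in its own table without ever seeing the access log.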

After obtaining a copy of the attack script and testing it in a virtual lab, I’ve determined that Bad Behavior already blocks this script as it is currently written.

Even so, the script has given me some good ideas on how to improve Bad Behavior further against automated attacks of this type. I will be rolling out some of these changes over the next few days in the 2.0 branch.

The first release in the 2.1 development branch will be coming later this month, as well. If you want to see it sooner, consider becoming a sustaining contributor to Bad Behavior development. Your contributions ensure that I can devote development time to Bad Behavior on an ongoing basis.

2 Responses to “Bad Behavior stops distributed WordPress account cracker”

  1. Jack Hughes Says

    Keep up the good work Michael, I protect my blog using Bad Behaviour and am a fan. I’ve even donated as well :) If you could do a Drupal module as good as the WP plugin I’d be very happy. :) The current Drupal module is a bit of a pain because the Bad Behaviour library needs to be installed separately from the Drupal module. The great thing about the WP plugin is that it is all part of the same thing.

  2. Michael Hampton Says

    Unfortunately for the moment that’s the way it is for Drupal and certain other packages. Despite the annoyance, it works quite well for portability: Bad Behavior can run on just about anything, given an appropriate module.

    For the 2.2 release I should have a packaging system in place which will bundle Bad Behavior with the various modules for most of the platforms it runs on.

    And remember to tell your friends about Bad Behavior. They deserve to be free of the scourge of spam, too.
