http://bbpress.org/forums/ bbPress Support Forums Tag: attack en Fri, 09 Jan 2009 00:46:18 +0000 http://bbpress.org/forums/topic/bad-behavior-for-bbpress-howto#post-20171 Fri, 24 Oct 2008 02:59:19 +0000 Ipstenu 20171@http://bbpress.org/forums/ <p>I'm not sure if this worked but ...</p> <p>I added in the standard Plugin header to the bad-behavior-generic.php file (see below) and then copied it and the rest of the bad-behavior folder up to bbPress. It turned on. I'm trying to sort out how to hack the wordpress plugin. I'm running the same DB for wp and bb so, in theory, this should work easily. It's not ;) Fatal errors.</p> <pre><code>/* Plugin Name: Bad Behavior Version: 2.0.24 Description: Deny automated spambots access to your PHP-based Web site. Plugin URI: <a href="http://www.bad-behavior.ioerror.us/" rel="nofollow">http://www.bad-behavior.ioerror.us/</a> Author: Michael Hampton Author URI: <a href="http://www.homelandstupidity.us/" rel="nofollow">http://www.homelandstupidity.us/</a> License: GPL</code></pre> http://bbpress.org/forums/topic/posible-attack-and-bbpress-error#post-16737 Fri, 13 Jun 2008 03:33:31 +0000 sambauers 16737@http://bbpress.org/forums/ <p>I'm pretty sure that's not a problem security wise as far as bbPress is concerned.</p> <p>That code you refer to is being rewritten for another reason at the moment. </p> http://bbpress.org/forums/topic/posible-attack-and-bbpress-error#post-16729 Thu, 12 Jun 2008 16:43:09 +0000 teayudo.es 16729@http://bbpress.org/forums/ <p>Hi and thanks for bbpress and the plugins.<br /> I integrated wordpress and bbpress in my site with some plugins.<br /> In the log of my host I find this error:</p> <p><code>[Thu Jun 12 13:57:36 2008] [error] PHP Warning: parse_url(/2008/06/urlofpostofwordpress//appserv/main.php?appserv_root=http://www.cdpm3.com/id.txt???) [&lt;a href=&#39;function.parse-url&#39;&gt;function.parse-url&lt;/a&gt;]: Unable to parse url in /home/teayudoe/public_html/foros/bb-includes/functions.php on line 1794</code></p> <p>I have the same errors with anothers urls/scripts<br /> <a href="http://www.iglesialcs.cl/newweb/cache/id2.txt" rel="nofollow">http://www.iglesialcs.cl/newweb/cache/id2.txt</a><br /> And the last week I saw other similar errors<br /> I investigated the urls and I think are script to attack servers<br /> I'm not worried about the safety of my site, I believe that these script can not do anything, what I am wrong?<br /> It is possible to fix the error by putting @ forward parse_url functions.php on line 1794 (http://derekgendron.com/blog/?p=33)<br /> I have to worry?<br /> Thanks<br /> Pd. Sorry for my english. The English is not my mother tongue </p> http://bbpress.org/forums/topic/bad-behavior-for-bbpress-howto#post-2609 Tue, 26 Dec 2006 00:01:38 +0000 chrishajer 2609@http://bbpress.org/forums/ <p>Hi Trent, Merry Christmas. I did install it and it apparently was working since someone got blocked :yikes: I could not find any logging anywhere, and to fix it yourself with the code provided </p> <pre><code>&gt; Your technical support key is: 0000-zzzz-yyyy-xxxx &gt; &gt; You can use this key to fix this problem yourself.</code></pre> <p>you need to log in to the ioerror/homelandstupidity site here:<br /> <a href="http://www.ioerror.us/ip/" rel="nofollow">http://www.ioerror.us/ip/</a></p> <p>But with the IP that was blocked. So, with no logging and no way to know why this legitimate user was blocked, I disabled it. I was looking at the logging a bit (using bad-behavior-wordpress.php as an example as suggested) but I haven't figured it out yet. I was hoping there was a config section with four lines like WP or BB, where I could enter the DB details, but it's not there :)</p> <p>So, turned off for now. It was doing something though, I just don't know what or why. </p> http://bbpress.org/forums/topic/bad-behavior-for-bbpress-howto#post-2602 Sun, 24 Dec 2006 17:47:07 +0000 Trent 2602@http://bbpress.org/forums/ <p>The standalone version doesn't have the ability to log, so it is difficult to test it without having someone do something that Bad Behavior doesn't like! That being said, I am 99.9% sure it would be working if you are still able to bring up your forums because if you install it incorrectly, it will not let you access your pages and block everything until you get it right.</p> <p>The good thing about Bad Behavior is, install and forget about it! </p> <p>Trent </p> http://bbpress.org/forums/topic/bad-behavior-for-bbpress-howto#post-2580 Sat, 23 Dec 2006 05:31:23 +0000 chrishajer 2580@http://bbpress.org/forums/ <p>Trent, I installed this and the install went smoothly. How can I test this or know that it's actually working? What differences would I see? I didn't see any testing procedure in the FAQ at <a href="http://www.homelandstupidity.us" rel="nofollow">http://www.homelandstupidity.us</a></p> <p>Thanks for sharing the procedure. </p> http://bbpress.org/forums/topic/bad-behavior-for-bbpress-howto#post-2572 Fri, 22 Dec 2006 22:42:42 +0000 Trent 2572@http://bbpress.org/forums/ <p>I have another post in the forum, but if you are interested in using a great software package that limits spam and server attacks before they access the site, then you might be interested in <a href="http://www.homelandstupidity.us/software/bad-behavior/">Bad Behavior</a>. I really like it because it really decreases the load on the server as well.</p> <p>While they do not have a plugin for bbPress and creating one isn't in the cards right now, you can do it by downloading the <a href="http://www.homelandstupidity.us/software/bad-behavior/bad-behavior-download/">newest Bad Behavior release</a> and placing it as a folder in the root of your bbPress installation.</p> <p>After that, you just need to call it. I did this by adding the following to config.php after the /* Stop editing */ part.</p> <p><code>require_once( BBPATH . &#39;/Bad-Behavior/bad-behavior-generic.php&#39;);</code></p> <p>That is the easy way without a plugin. Just thought I would share it for those that are interested.</p> <p>Trent </p>