6a0120a85dcdae970b016301e98de2970d-800wi

So, following on from the theme of other week’s post, this is a very quick plugin which will opportunistically encrypt email sent by Known.

It works in much the same way as the similar WordPress code; if a key for a user is in the keyring, the email is encrypted before it is sent. It is particularly handy when combined with my PGP Signin code, since that will provide key discovery.

I wrote this for my own use, so it’s not perfect. For example, since Known sends all email as HTML (unless my plain text email patch is also applied this patch was merged into core), my plugin currently just strips tags, which at least makes the email somewhat readable.

Anyway, kick it around.

» Visit the project on Github...

Just a quick one…. I noticed in my webserver logs, a whole bunch of directory walk “script kiddie” exploit attempts to various wordpress sites on my server, attempting to retrieve my wordpress configuration file: wp-config.php.

A directory walk attack is where someone will attempt to use a download feature of some plugin or other in attempt to trick it to retrieve a different file, by passing ../ before the file name. E.g.

None of these exploits was successful, since this is an obvious approach which should be sanitised out of inputs, but part of having a secure system is the concept of strength in depth and every programmer makes mistakes.

So, I knocked together a quick modsecurity rule:

Which seems to shut this one exploit down. HTH :)

email-sending-letter

Spam comes in may forms.

I had been noticing some odd traffic appearing in my referrer logs from “buttons-for-website.com”, and a few other places. Odd, I thought, but I wasn’t too concerned.

A client recently asked me about it, since similar traffic was starting to appear in their analytics for a brand new site. I did a little bit of research, and it turns out that this is actually a spam attack.

Basically, the spammer hits your site and sets a referrer header containing a url and their spam message (keywords + another url, usually). Since a small percentage of sites make their referrer logs public (either deliberately or through misconfiguration), when these are indexed, they can be used to game the search engine of the site they’re trying to boost.

Stopping the spam with mod_security

I don’t like spammers, and it was starting to make my logs (and those of my client’s) a little noisy. So, I decided to do something about it. So, using mod_security, I added a couple of simple rules, which would drop the traffic where the referrer contained certain keywords.

Simple, but effective:

This seemed to put an end to the worst of it.

I also noticed that a few spammers were posting with obvious spam keywords in the referrer header, so I added a similar rule to block those for good measure:

Testing

To test your rules, you can use curl to hit your site and send a triggering referrer, e.g.

Or

Hope that helps!