05.04.07
Wordpress Honeypot Plug-in
By Dan Morrill
From a security viewpoint, this little plug-in for Wordpress is one of the more interesting scripts you can drop onto your Wordpress blog to see how many evil systems are trying to access your site, from e-mail harvesters to comment-spam systems. The script is part of the "Adopt a Honeypot" project.
http:BL WordPress Plugin allows you to verify IP addresses of clients connecting to your blog against the Project Honey Pot database. Thanks to the http:BL API you can quickly check whether your visitor is an email harvester, a comment spammer or any other malicious creature. Communication with the verification server is done via a DNS request mechanism, which makes the query and response even quicker. Now, thanks to http:BL WordPress Plugin, any potentially harmful clients are denied access to your blog and therefore cannot abuse it. Source: Stepien.com.pl
By matching the IP addresses of people visiting your blog against known Project Honey Pot addresses, and then allowing or denying access based on the answer that comes back, you can control the type of visitor coming to your blog.
The drawback that is immediately visible is legitimate users: real PCs with real people behind them whose systems have been compromised by some form of malware will be denied along with the bots. So if I ran a big Wordpress site I would use this with caution. If there is a logging capability in it, I would first log the IP addresses that come back as known evil and work out the ratio of good IP addresses to bad/evil IP addresses connecting to my site. Depending on that good/evil percentage, I would then see whether I could afford to turn on blocking without ticking off my users or visitors.
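As an added example (not the plugin's own PHP code), here is the DNS lookup described above and the good/evil tally suggested in the previous paragraph, in Python. The query name and the 127.D.T.V answer layout follow Project Honey Pot's published http:BL API; the access key is a placeholder and the sample log is constructed, so the ratio part runs offline while `lookup` does a live query.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple
HARVESTER, COMMENT_SPAMMER = 2, 4  # visitor-type bits of the 4th octet (0 = search engine, 1 = suspicious)
ACCESS_KEY = "abcdefghijkl"  # placeholder; use the key issued by your Project Honey Pot account
@dataclass
class HttpblResult:
    listed: bool
    days_since_last_activity: int = 0
    threat_score: int = 0
    visitor_type: int = 0

    def is_evil(self, max_threat: int = 25) -> bool:
        """Deny harvesters, comment spammers, and anything at or above the threat cut-off."""
        if not self.listed or self.visitor_type == 0:  # search engine: 3rd octet is an engine id, not a threat
            return False
        flagged = bool(self.visitor_type & (HARVESTER | COMMENT_SPAMMER))
        return flagged or self.threat_score >= max_threat

def httpbl_query_name(access_key: str, ip: str) -> str:
    """DNS name to resolve: <key>.<IPv4 octets reversed>.dnsbl.httpbl.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects malformed input before it reaches DNS
    return f"{access_key}.{'.'.join(reversed(octets))}.dnsbl.httpbl.org"

def parse_httpbl_response(answer: Optional[str]) -> HttpblResult:
    """Decode the 127.<days>.<threat>.<type> A record; None (NXDOMAIN) means the IP is not listed."""
    if answer is None:
        return HttpblResult(listed=False)
    octets = [int(o) for o in answer.split(".")]
    if len(octets) != 4 or octets[0] != 127:
        raise ValueError(f"unexpected http:BL answer: {answer}")
    return HttpblResult(True, octets[1], octets[2], octets[3])

def lookup(ip: str, access_key: str = ACCESS_KEY) -> HttpblResult:
    """Live check over DNS (needs network access and a valid key)."""
    try:
        answer = socket.gethostbyname(httpbl_query_name(access_key, ip))
    except socket.gaierror:  # NXDOMAIN: not in the database
        answer = None
    return parse_httpbl_response(answer)
# Constructed sample log of (ip, answer) pairs, not real data: two unlisted visitors, a search engine,
# a comment spammer, and a suspicious-only host under the threat cut-off.
SAMPLE_LOG = [("203.0.113.5", None), ("198.51.100.9", None), ("192.0.2.30", "127.0.5.0"),
              ("198.51.100.77", "127.3.40.4"), ("203.0.113.200", "127.12.10.1")]

def good_bad_ratio(log: Sequence[Tuple[str, Optional[str]]]) -> Tuple[int, int]:
    """Count (good, evil) visitors in a log before deciding whether blocking is affordable."""
    evil = sum(parse_httpbl_response(answer).is_evil() for _ip, answer in log)
    return len(log) - evil, evil
```

Running `good_bad_ratio(SAMPLE_LOG)` on the constructed log gives 4 good visitors and 1 evil one; on a real site, feed it the answers you logged rather than the sample.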
You have to have a Project Honey Pot account to use their database, and it might look suspicious if a major corporation with millions of users a day is hitting the Honeypot site. So, depending again on size and on the ability of the Honeypot project to deal with the data load, this might also have to be used with caution, or the site might somehow reimburse the Honeypot project for the use of their system.
It does not work well in a multi-blog environment yet, but they are working on it. You will have to initialize the plug-in for each Wordpress blog in the multi-user version of the software.
With some caution and some test trials, it makes an interesting plug-in for Wordpress that would be worth checking out. How useful the plug-in turns out to be will depend on what the next round of updates brings and on how well the backend Honeypot project handles the influx of data from users of this plug-in.
About the Author: Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.