• Resolved fooshoocoo

    (@fooshoocoo)


    After installing WordPress I immediately began to get lots of hits in my server logs from bots visiting the URL where I installed. I have never given this URL to anyone, published it anywhere or accessed it from any remote machine. I suppose it is possible that the bots guessed the URL (xxx.com/wordpress) but I don’t recall seeing any entries for this URL before the day I installed.

    So, does WordPress have sort of spyware in it that reports details of where it has been installed onto a central server, from where it can be harvested by bots?

Viewing 15 replies - 1 through 15 (of 25 total)
  • Most if not all blogging software notifies services such as Technorati with each new post that you make by default, for further information please see:

    https://codex.www.ads-software.com/Update_Services

    Thread Starter fooshoocoo

    (@fooshoocoo)

    OK, I read the docs and removed all the update service URLs listed under “Update Services” on the Options->Writing admininstration screen. Since then everything has been well and no foreign machines have attempted to access my blog.

    Until tonight. I posted a new entry on my blog and *within 3 seconds* that specific entry was downloaded by a host called theta.flatline.de.

    WordPress still appears to be leaking my information somehow. What is going on?

    I doubt WP is leaking information. I have a couple of hidden blogs that no SE has found.

    But you pinged once. That was enough for the address to get out. And as for https://theta.flatline.de/ ?

    Any site doing that, but saying “There’s Nothing here.” is dodgy.

    https://www.dnsstuff.com/tools/whois.ch?ip=flatline.de

    Denis de Bernardy

    (@denis-de-bernardy)

    Your problem comes from spam bots. Some spammers track new blogs via update services and add the feeds to their tracking list. Think of these as email spam lists: Once you’re on one, you might as well change emails.

    Thread Starter fooshoocoo

    (@fooshoocoo)

    my blog uses HTTP authentication to password protect all pages so there is no way anyone who indexed it in the past could obtain any new info from crawling it.

    and this site didn’t just attemp to download the index page – it tried to download the specific URL of the latest entry within 3 seconds of that entry being posted.

    it didn’t suceed in getting the post because it didn’t have the password to authenticate, but it knew the post was there, and is no way it could have done that unless wordpress told it.

    WordPress does not contain spyware – or any other *ware.

    Thread Starter fooshoocoo

    (@fooshoocoo)

    OK, I’ve worked out what it is doing.

    The blog entry I posted contained a link to the website https://gimpfoo.de. This website is hosted on the same machine as theta.flatline.de. Upon posting the entry, WordPress is connecting to this machine and telling it about the link. Theta then attempts to connect back and download the entry.

    It’s not mallicious, but it is certainly information leaking and those who are paranoid such as myself would consider it spyware.

    It was a ping.

    Ping=spyware ?

    May I suggest that if you do not want information ‘leaking out’ that you remove it from the net ?

    Thread Starter fooshoocoo

    (@fooshoocoo)

    your suggestion is not helpful. are you really claiming that i have no right to expect my machines to be online and accessible for my own limited purposes and also secure and inaccessible to unauthorised uses? that security is unobtainable, so we should simply open up our machines to spyware, viruses and crackers? and that the only other alternative is to unplug them?

    a real ping is an ICMP packet and it doesn’t contain any information like URLs. if my machine was sending out pings to strange hosts i wouldnt consider it spyware but i would consider it an indication of a security problem, that something was wrong, that something couldn’t be trusted.

    these ‘pings’ wordpress sends are not simple ICMP packets. i didn’t enable any option for these ‘pings’ and i have not yet been able to find the option to turn them off, so yes, i do consider them a form of spyware. spyware is any software that sends out information about me without asking me first if i want that information sent out. yes, this definition probably does include a lot of closed-source software that ‘phones home’, but that’s why i’m running open source software. i assumed that if anyone tried to put stuff like that into an open source project, the ‘many eyes’ would find it and remove it.

    in this case, no harm was done, but i’m not going to run wordpress again until i have time to do a full code audit. i don’t even know what these ‘pings’ contain. i’m assuming it is just a URL, but for all i know it could be a post title, a post abstract, or even the full body of a post. on a private site that contains sensitive information that risk is not acceptable.

    And I assume you’ve disabled all RSS feeds that are by default “on”?

    Are you serious? If you don’t want anyone reading it or attempting to check it, why don’t you just load the software on a private local server that isn’t connected to the internet. That way no SE bot or spam bot could ever reach it.

    error

    (@error)

    The option to turn that off is right there in Options » Discussion. “Attempt to notify any Weblogs linked to from the article (slows down posting.)” Turn it off, take out the update services (you said you already had) and enjoy the silence.

    And please understand the reason these things are in there is because the blogosphere is interconnected, and 99.999999999% of users want these interlinking features.

    Not an ICMP ping, but a pingback. See the Introduction to Blogging.

    i didn’t enable any option for these ‘pings’ and i have not yet been able to find the option to turn them off

    When at the write page, there’s a two boxes, one for Allow comments, one for Allow Pings. I assume also you uncheck those?

    rustindy

    (@rustindy)

    In the Options screen under the Discussion tab, you can disable pings by unchecking Attempt to notify any Weblogs linked to from the article (slows down posting.).

    Pings, when in the context of a blog or other CMS-style system, do not refer to ICMP pings or echo commands. A blog ping lets a site know that you’ve linked to them from your site. It’s really called a “pingback”, and sites are free to ignore them. For total privacy, also uncheck Allow link notifications from other Weblogs (pingbacks and trackbacks.) on that page, and remove any entries under Update Services on the Options/Writing page. After doing this, only sites that already know your address (or sites that get it from them) will know where your blog is.

Viewing 15 replies - 1 through 15 (of 25 total)
  • The topic ‘wordpress contains spyware?’ is closed to new replies.