Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter fooshoocoo

    (@fooshoocoo)

    your suggestion is not helpful. are you really claiming that i have no right to expect my machines to be online and accessible for my own limited purposes and also secure and inaccessible to unauthorised uses? that security is unobtainable, so we should simply open up our machines to spyware, viruses and crackers? and that the only other alternative is to unplug them?

    a real ping is an ICMP packet and it doesn’t contain any information like URLs. if my machine was sending out pings to strange hosts i wouldn’t consider it spyware but i would consider it an indication of a security problem, that something was wrong, that something couldn’t be trusted.

    these ‘pings’ wordpress sends are not simple ICMP packets. i didn’t enable any option for these ‘pings’ and i have not yet been able to find the option to turn them off, so yes, i do consider them a form of spyware. spyware is any software that sends out information about me without asking me first if i want that information sent out. yes, this definition probably does include a lot of closed-source software that ‘phones home’, but that’s why i’m running open source software. i assumed that if anyone tried to put stuff like that into an open source project, the ‘many eyes’ would find it and remove it.

    in this case, no harm was done, but i’m not going to run wordpress again until i have time to do a full code audit. i don’t even know what these ‘pings’ contain. i’m assuming it is just a URL, but for all i know it could be a post title, a post abstract, or even the full body of a post. on a private site that contains sensitive information that risk is not acceptable.

    Thread Starter fooshoocoo

    (@fooshoocoo)

    OK, I’ve worked out what it is doing.

    The blog entry I posted contained a link to the website https://gimpfoo.de. This website is hosted on the same machine as theta.flatline.de. Upon posting the entry, WordPress is connecting to this machine and telling it about the link. Theta then attempts to connect back and download the entry.

    It’s not malicious, but it is certainly information leaking and those who are paranoid such as myself would consider it spyware.

    Thread Starter fooshoocoo

    (@fooshoocoo)

    my blog uses HTTP authentication to password protect all pages so there is no way anyone who indexed it in the past could obtain any new info from crawling it.

    and this site didn’t just attempt to download the index page – it tried to download the specific URL of the latest entry within 3 seconds of that entry being posted.

    it didn’t succeed in getting the post because it didn’t have the password to authenticate, but it knew the post was there, and there is no way it could have done that unless wordpress told it.

    Thread Starter fooshoocoo

    (@fooshoocoo)

    OK, I read the docs and removed all the update service URLs listed under “Update Services” on the Options->Writing administration screen. Since then everything has been well and no foreign machines have attempted to access my blog.

    Until tonight. I posted a new entry on my blog and *within 3 seconds* that specific entry was downloaded by a host called theta.flatline.de.

    WordPress still appears to be leaking my information somehow. What is going on?
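The pattern reported in the replies above, an outside host requesting a newly published entry within seconds of posting, can be searched for in a web server access log. This is an added example, not part of the original posts; the log lines, addresses, paths, publish time and the 10-second window are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample data: publish time of one entry, the blog owner's
# address, and Apache combined-format log lines for a site behind HTTP auth.
PUBLISHED = {"/2006/03/new-entry/": datetime(2006, 3, 1, 22, 15, 0, tzinfo=timezone.utc)}
TRUSTED = {"192.0.2.10"}
LOG = """\
192.0.2.10 - owner [01/Mar/2006:22:14:58 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2006:22:15:02 +0000] "GET /2006/03/new-entry/ HTTP/1.0" 401 401 "-" "-"
192.0.2.10 - owner [01/Mar/2006:22:15:05 +0000] "GET /2006/03/new-entry/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Mar/2006:23:40:00 +0000] "GET / HTTP/1.1" 401 401 "-" "ExampleBot"
"""

# host, timestamp, method, path and status from a combined-format line
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def connect_backs(log_text, published, trusted, window_s=10):
    """Return (host, path, seconds_after_publish, status) for every request
    to a newly published URL made by an untrusted host within window_s."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host, ts, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        posted = published.get(path)
        if posted is None or host in trusted:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        delta = (when - posted).total_seconds()
        # Only a request shortly *after* publication suggests that the
        # URL was announced to the requesting host.
        if 0 <= delta <= window_s:
            hits.append((host, path, delta, int(status)))
    return hits


if __name__ == "__main__":
    for host, path, delta, status in connect_backs(LOG, PUBLISHED, TRUSTED):
        print(f"{host} requested {path} {delta:.0f}s after publish (HTTP {status})")
```

A 401 status on a hit means the request was stopped by HTTP authentication, but the host still learned that the URL exists.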
