Author: A.Degives Mas (8 Feb 11 3:55am)
The honeypot does its job alright.
So do the spammers, trawling for sites that have certain scripts running on them. Why? Because, statistics in hand, they venture among those installed there have to be a considerable number of ill-installed / ill-deployed ones that actually create a LARGE hole through which to deliver spam by the gazillions.
Don't worry about being clobbered with connections that come hat in hand requesting permission to publish st00pid spam. Worry about the integrity and sanity of your security setup; worry about your site being nailed properly shut where it must.
In the case of WordPress, I would rather not think about the number of sites out there that are run by less than stellar minds, who seemingly believe that a full-on caching system is somehow compatible with attitude- and signature-oriented anti-miscreant plugins (e.g. Bad Behavior) and similar scripts. It is most decidedly not, in fact it opens the door wide open to the baddies, and it is a good illustration of the problem with people willy-nilly plucking plugins off the WP site and cramming it into their WP install.
So, do yourself a favor, and if you use WP Super Cache set it to "legacy" mode (not even PHP) and allow Bad Behavior (and similar plugins) do its job.
Also, don't use one method. Use four. Or five. Use one from the trio of Akismet, TypePad AntiSpam and Defensio. Use something like WP HashCash. Use something like Bad Behavior. Use a tighter htaccess regime, e.g. by using BulletProof Security (it's quite harmless in that it only deals with htaccess, not your WP install scripts). And use something wholly outside the WP box, like ZB Block (it's very easy to set up in WP, just one snippet in two core files, drop a "WP compatibility file" in and you're done.) Yet another option is CloudFlare, I can warmly recommend that, too. And finally, apply SSL certs to pages where people access your site via a login, forcing login sessions through encrypted tunnels (and if you really can't afford SSL, use alternatives like Semisecure Login Reimagined together with login attempt limiters to thwart brute force attacks). There is a lot you can do. Do it. But do it right. And if you don't know how, get someone who can, and learn from that person so you can do it yourself (and know what you're doing)
They came hammering on my door, too.
So I'm steamrolling them just as fast back into three different blacklists. And I make no bones about kicking out people on dumb ISPs because I'd rather have three complaining incompetents than my site taken over by baddies just because I relented to placate the incompetents. Nuts to AOL, to iffy obscure ISPs, to countries who don't care, and to proxies. Go build your own internet I tell the whiners.
Never relent on security. Be paranoid, be very paranoid. And have a wicked sense of humor. That helps too.
But don't panic just because you see that your increased security is getting increased attention in return from the bad guys. It's a good sign. Like fighting back the mob and street gangs, that's a signal to roll up your sleeves and clean up the neighborhood; the darkest moment of the night comes just before daybreak.
Never relent. Never.
Post Edited (8 Feb 11 4:08am)