When Internet Explorer 8 came out Microsoft said they had seriously improved security and that it was now one of the safest web browsers to use. Apparently they were wrong. According to the Guardian newspaper here in the UK an exploit in Internet Explorer was used in the recent attack on Google’s systems in China.

source

So why keep using it? There are plenty of excellent alternatives these days. Firefox, Opera, Chrome, Flock and you could even use Apple’s Safari although it uses a stupid amount of memory on Windows.

A few days ago I installed the Bad Behavior plugin for Word Press just as an extra way of combatting spam comments etc. In 2 days it’s blocked 49 attempts by malicious scripts to access this blog. I just looked at the log and most of them are attempts to run a remote PHP script to see if I am running a vulnerable script. The remote scripts are all the same and simply contain

<?php /* Fx29ID */ echo("FeeL".CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

Basically from what I can see there is a bunch of script kiddies who like to call themselves hackers but haven’t got the first clue about real hacking. All they can do is follow step by step instructions they have found on security web sites. A real hacker is a person who actually knows how things work and looks for ways to exploit them so that the makers can make the products more secure.

Had quite a few hits on this one with people searching for information so have decided to add some.

If you are running Word Press then I highly recommend installing the Bad Behavior plugin as this has, to my knowledge, blocked all attempts by these kiddies. I have also added a couple of the banned useragents from Bad Behavior to my sites .htaccess file to prevent them accessing the site all together. It also blocks some known spambots.

SetEnvIfNoCase User-Agent "^libwww-perl*" spammer=yes
SetEnvIfNoCase User-Agent "^Mozilla/5\.0$" spammer=yes
SetEnvIfNoCase User-Agent "^Java/1*" spammer=yes
SetEnvIfNoCase User-Agent "^Java 1*" spammer=yes
SetEnvIfNoCase User-Agent "^<sc" spammer=yes
SetEnvIfNoCase User-Agent "^Jakarta*" spammer=yes
SetEnvIfNoCase User-Agent "^TrackBack*" spammer=yes
SetEnvIfNoCase User-Agent "^USERAGENT$" spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase X-AAAAAAAAAAAA 1 spammer=yes
Deny from env=spammer

Just remember it is also up to you to make sure that any scripts you are running on your site, be they a forum, a blog, a guestbook etc are the latest versions.

BTW if you came here because you found a file containing the FeeL.CoMz text from above then I’m sorry to say your site has already been exploited by this idiots. All you can do is look for other files last updated around the same time to see what else they did. Then make sure your scripts are updated.