Archive of entries posted on

What Is This? A WordPress Attack Using “PLM”

One of my sites had this very odd entry in its log from overnight: (actual URL changed)

http://www.example.com/2005/06/24/title-in-here/%2B%25255bPLM=0%25255d%2BGET%2Bhttp:///2005/06/24/title-in-here/%2B%25255b0,16925,26735%25255d%2B-%25253e%2B%25255bN%25255d%2BPOST%2Bhttp:/wp-comments-post.php%2B%25255b0,0,349%25255d

If you do the hexadecimal recoding a couple times you end up with:

http://www.example.com/2005/06/24/title-in-here/+[PLM=0]+GET+http:///2005/06/24/title-in-here/+[0,16925,26735]+->+[N]+POST+http:/wp-comments-post.php+[0,0,349]

And if you assume the plus marks are actually spaces:

http://www.example.com/2005/06/24/title-in-here/ [PLM=0] GET http:///2005/06/24/title-in-here/ [0,16925,26735] -> [N] POST http:/wp-comments-post.php [0,0,349]

What is this […]

Huge New Spam Run Starting Up

While checking my logs from overnight, I saw a huge increase in the amount of spam attempts coming in. Generally I have between 50 and 100 spam attempts per hour coming in. Yesterday, the number started increasing, and is currently running at around 3,000 rejected attempts per hour. Here’s the chart of the number of […]

“Guess who’s searching for you?” style spam is back

A few years ago, there was some spam scam outfit that would send out emails proclaiming “An individual at our website at our website is looking for information regarding: (your email address)” You’d go to the site, pay some money, and find out they really didn’t have any info about you. I received a spam […]

TV Converter Box Coupon

I still watch TV using regular old rabbit ears. We have two TVs in the house, one in the living room, and one in the basement. They work fine, and are each over 15 years old. So a couple months ago when the U.S. Department of Commerce allowed people to apply for up to two […]

Setting the WordPress 2.5 Secret Key

I’ve been exploring the WordPress 2.5 Release Candidate 1. I found a few bugs that are probably related to AJAX or JavaScript under Safari 3.04. I made a few suggestions and comments for part of the new design aspect of the Administrative section. But one interesting thing I haven’t seen mentioned anywhere is WP 2.5’s […]

ShaBlastBot Spider Considered Abusive

While perusing my Apache logs, I ran across a lot of requests from a bot with the user-agent of “ShablastBot 1.0”, and all came from the IP address of 67.228.100.141. Reverse IP shows that 67.228.100.138, 67.228.100.139, 67.228.100.140 and 67.228.100.142 also resolve to shablast.com. One significant problem appears to be it doesn’t correctly parse out feed: […]

MS Office Discussion Bar

I’ve started watching my web server logs more closely, and found several requests for /_vti_bin/owssvr.dll and /MSOffice/cltreq.asp. Examples:

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0

Apparently, these requests are caused by someone using IE with the Discussion Bar turned on. I wonder why IE isn’t smart enough to read the headers to see that I’m not running a Microsoft web […]

WordPress TimeZone Handling is Ridiculous

This is 2008. Why in the world does WordPress not know how to shift its internal clock when Daylight Savings Time starts or ends? If the server itself can do it, why can’t WordPress? Heck, my VCR can even automagically adjust by an hour twice a year. I was going to write a plugin to […]

Verizon’s New Terms of Service

Verizon emailed me on the 29th letting me know about their new terms of service for my DSL connection. The new terms go into effect on Tuesday, March the 4th. They can be found at http://www2.verizon.net/policies. I hope no one wants to contribute to any adult sections of the Internet, you can’t do that according […]