- Joined
- Jul 24, 2004
- Messages
- 4,320
- Reaction score
- 614
I have been battling a phishing attack after phishing attack, and I think I would have a solution, if anyone is good at making a plugin.
Normally if you have mistype a page url on a wp site, it goes to a page saying it is nothing there, but if you upload a non-wp page, like a phishing script on that site too, it is not considered 404, so it will display the content, but if you made a plugin, that would basicilly tell the site that the whole server space that is not on the WP system, you would stop such scripts from having an effect. You could also then add an exception to that, if you had a folder like wpwebsiteexample.com/folderhere, and you exempt that folder from this rule, but only you can add that URL to the plugin, then it would stop these phishing attacks.
Thoughts?
http://www.dnforum.com/posts/2236249/ here is what I ended up doing.
Normally if you have mistype a page url on a wp site, it goes to a page saying it is nothing there, but if you upload a non-wp page, like a phishing script on that site too, it is not considered 404, so it will display the content, but if you made a plugin, that would basicilly tell the site that the whole server space that is not on the WP system, you would stop such scripts from having an effect. You could also then add an exception to that, if you had a folder like wpwebsiteexample.com/folderhere, and you exempt that folder from this rule, but only you can add that URL to the plugin, then it would stop these phishing attacks.
Thoughts?
http://www.dnforum.com/posts/2236249/ here is what I ended up doing.
