Originally developed by Jeff Starr, Blackhole is a security plugin which traps bad bots, crawlers and spiders in a virtual black hole.
Once the bots (or any virtual user!) visit the black hole page, they are blocked and denied access to your entire site.
This helps to keep nonsense spammers, scrapers, scanners, and other malicious hacking tools away from your site, so you can save precious server resources and bandwidth for your good visitors.
How It Works
You add a rule to your robots.txt that instructs bots to stay away. Good bots will obey the rule, but bad bots will ignore it and follow the link... right into the black hole trap. Once trapped, bad bots are blocked and denied access to your entire site.
The main benefits of Blackhole include:
Bots have one chance to obey your site’s robots.txt rules. Failure to comply results in immediate banishment.
- Disable Blackhole for logged-in users
- Optionally redirect all logged-in users
- Send alert email message
- Customize email message
- Choose a custom warning message for bad bots
- Show WHOIS lookup information
- Choose a custom blocked message for bad bots
- Choose a custom HTTP Status Code for blocked bots
- Choose which bots are whitelisted or not
1. Install the module
2. Create a new page and assign to this page the template "blackhole"
3. Create a new template file "blackhole.php" and call the module $modules->get('Blackhole')->blackhole();
4. Add the rule to your robots.txt
5. Call the module from your home.php template $modules->get('Blackhole')->blackhole();

Bye bye bad bots!
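The trap logic described under "How It Works", modelled in Python as an added example (this is not the module's own PHP code). The trap path /blackhole/, the ban keyed on client IP, the user-agent whitelist, the 403 status and all sample requests are assumptions constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

TRAP_PATH = "/blackhole/"                              # assumed trap URL
ROBOTS_TXT = "User-agent: *\nDisallow: /blackhole/\n"  # constructed robots.txt
WHITELIST = ("googlebot", "bingbot")  # assumed user-agent substrings never banned
BLOCK_STATUS = 403                    # assumed status code for blocked clients

# Constructed requests in arrival order: (client IP, user agent, path)
REQUESTS = [
    ("203.0.113.7", "Mozilla/5.0 (compatible; Googlebot/2.1)", "/blackhole/"),
    ("198.51.100.23", "BadScraper/1.0", "/about/"),
    ("198.51.100.23", "BadScraper/1.0", "/blackhole/"),
    ("198.51.100.23", "BadScraper/1.0", "/contact/"),
    ("192.0.2.50", "Mozilla/5.0 (X11; Linux x86_64)", "/about/"),
]

def trap_is_disallowed(robots_txt, trap_path):
    """Pre-deployment check: the trap must be disallowed in robots.txt,
    otherwise well-behaved crawlers would walk into it and get banned."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return not parser.can_fetch("*", trap_path)

def replay(requests, trap_path=TRAP_PATH, whitelist=WHITELIST):
    """Replay requests through the trap; return (status per request, banned IPs)."""
    banned = set()
    statuses = []
    for ip, user_agent, path in requests:
        # User-agent strings can be spoofed, so a production whitelist
        # would also need to verify the crawler's source address.
        whitelisted = any(name in user_agent.lower() for name in whitelist)
        if whitelisted:
            statuses.append(200)
        elif ip in banned:
            statuses.append(BLOCK_STATUS)   # banned earlier: whole site denied
        elif path.startswith(trap_path):
            banned.add(ip)                  # one chance only: ban on first hit
            statuses.append(BLOCK_STATUS)
        else:
            statuses.append(200)
    return statuses, banned

if __name__ == "__main__":
    print("trap disallowed in robots.txt:", trap_is_disallowed(ROBOTS_TXT, TRAP_PATH))
    for request, status in zip(REQUESTS, replay(REQUESTS)[0]):
        print(status, *request)
```
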
I'm new to PW and like it a lot so far. With most WordPress and Drupal websites there are frequent updates to core & plugins, some of these are security releases so I tend to install any updates ASAP. When supporting many websites this update fatigue is pretty tiresome.
What is your update strategy when maintaining PW sites? Would be interested to hear if you think it is valid to perhaps do a quarterly update or perhaps only even update yearly if there are no security announcements?
Also just to clarify, is there a security mailing list we should subscribe to just in case an urgent fix is ever released?
I posted a question on Stack and as yet have not got an answer that is something novel. I'm interested to know if this worries anyone else and whether we can do something about it.
So here goes:
If a user logs in to your online service, let's say a job posting site, they give you an email and password to access your service later... Let's say a malicious person with access to the server could write into the template to store the passwords as plain text somewhere. Given that people generally don't use a new password for each website, now that malicious person has the potential to access other online services using these details (where there isn't any secondary security like 2-factor).
Is there anything we can do to battle this? In an ideal world, maybe setting up a zero-knowledge algorithm to log people in and out...
food for thought