
Upping the spambot ante

This morning I was surprised to see that a spammer had apparently breached my WordPress anti-spambot gauntlet. What does this mean in English, you ask? A potential hacker actually succeeded in registering an account on MT.Net, from which he could potentially attack my website.

At first I thought a bot had solved my CAPTCHA challenge, but after looking at the log entries it does not appear that this was an automated attack. Some dumb schmuck actually typed in the code by hand. That’s what most visitors to my website do, but most people don’t do it using email and IP addresses associated with hackers.

I’ve since turned on SABRE’s RBL lookup tests. This will automatically check the incoming IP against a list of suspect addresses. If there’s a match, the rogue visitor gets automatically booted before he even begins.

It’s not perfect security, but one part of many defenses needed to protect a website.
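What an RBL (DNS blacklist) lookup does under the hood, shown as an added Python example rather than SABRE's own code: the client IP is reversed, appended to the blacklist's zone, and looked up as a hostname, and an answer in 127.0.0.0/8 means the address is listed. The zone `dnsbl.example.org`, the function names, and the policy of not blocking when the lookup fails are assumptions for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # placeholder zone, not a real blacklist
LIST_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here


def query_name(ip, zone=ZONE):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    return pointer.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa / ip6.arpa


def system_resolver(name):
    """Return the A record as a string, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # timeout or server failure: caller decides


def check(ip, resolver=system_resolver, zone=ZONE):
    """Classify a registering client's IP as 'listed', 'clean' or 'unknown'."""
    try:
        answer = resolver(query_name(ip, zone))
    except OSError:
        return "unknown"  # lookup failed; assumed policy: do not block
    if answer is None:
        return "clean"
    if ipaddress.ip_address(answer) in LIST_RANGE:
        return "listed"
    return "unknown"  # e.g. a resolver that rewrites NXDOMAIN to an ad server


# Constructed sample data standing in for the blacklist's DNS zone.
FAKE_ZONE = {
    "7.113.0.203.dnsbl.example.org": "127.0.0.2",
    "9.113.0.203.dnsbl.example.org": "198.51.100.10",
}


def fake_resolver(name):
    if name.startswith("8."):
        raise socket.gaierror(socket.EAI_AGAIN, "constructed timeout")
    return FAKE_ZONE.get(name)
```

Treating a failed or implausible lookup as "unknown" rather than "listed" keeps a DNS outage or a misbehaving resolver from turning away every new registration.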

  1. Or, it means that some poor schmuck got his IP blacklisted. My mail server was blacklisted by SORBS for a while, and I had some trouble sending mail until I got it resolved. But the fine folks at Linode (my hosting provider) were very helpful in getting the blacklist straightened out.

  2. This poor schmuck is most definitely a hacker: the subnet he was using was full of similar usernames and email addresses.

    I’m very choosy regarding what blacklist I use. I had to patch SABRE to point to the proper blacklist server.
