Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    • Archives

    • Recent comments

    Archive for November 14th, 2009

    fail2ban and Google translate: how to easily cut your WP blog traffic

    14th November 2009

    translate_logofail2ban has a php-url-fopen rule.

    WordPress has a Global Translator plugin, which – among others – uses Google Translate service.

    If someone uses Google Translate (e.g. using Global Translate’s mini-language-flags), and goes back to your blog – that someone might get banned by fail2ban (especially if you have set maxretry to 1), as the referrer will contain the php-URL-fopen attack signature. The bad thing is that you will not realize that until after you check one or several translations yourself, as a random site visitor experiencing the problem is highly unlikely to bother reporting this problem – especially when your blog’s Contact page is also inaccessible.

    Clearly, Google Translate is not the only legitimate service which will trigger that rule.

    Solution: The only solution I have found is to specify the whitelist regex for the php-URL-fopen rule.

    Share

    Posted in *nix, Software, Web, WP PlugIns | No Comments »