How to Fight Malicious Website Scans with BBQ: Block Bad Queries

Date: 09/06/2019 | 2 Minutes to Read

In this article:

WordPress is the most popular content management system (CMS) today. But that doesn’t mean you have to use it for better security. But that’s a discussion for another article.

The developers of the BBQ: Block Bad Queries WordPress security plugin have a standalone PHP script that accomplishes the same goal as its WordPress counterpart. It blocks malicious URL requests to improve web security. Notable examples include file scans for compressed .zip or .tar files, hidden files storing personally identifiable information (PII), and exploitable executable files.

These brute force scans are accomplished with automated programs and a database of known exploitable URLs – e.g. domain.com/path-to-file/etc/passwd (searching for the Linux password file) and domain.com/path-to-file/makefile (attempting to create a file on the server).

Below we cover how to block bad (malicious) queries within a PHP website.

Block Bad Queries

  1. Visit https://perishablepress.com/block-bad-queries.
  2. Edit your index.php file or another PHP file that will be requested on every website request – e.g. header.php. If you’re using an HTML file, copy it to a new index.php file and use that new file.
  3. Copy the code under the BBQ standalone PHP script section into the top of your PHP file.
  4. Save the file.
  5. Check your PHP page to ensure none of the code displays on your website.
  6. Try a malicious URL for basic penetration testing (pen-testing) – e.g. yourdomain.com/makefile. It should redirect to a 403 error.

Updates

The developer recommends periodically updating the PHP script for improved security.

  1. To do this, download the WordPress plugin from WordPress.org.
  2. Open the zip file with 7zip or Winzip.
  3. Open the block-bad-queries.php file.
  4. Copy the code to replace the PHP code on your website.

Contact the developer at PerishablePress.com for further assistance. We’ll update this article when notified of changes to the update process.

Leave a Reply