brotherhood_of_LAN - 11:52 am on Jan 25, 2013 (gmt 0)

I have to assume you don't host Wordpress Bill, or perhaps there'd be more maintenance on your server :)

RE: includes messing up the script. I have to agree with Bill about getting a dedicated server, or at least a different host. I can only assume includes were disabled for performance issues or devs were leaving security holes when using user supplied variables to include stuff.

Fact is you could just do $x = file_get_contents('script.php'); eval($x); and it would still work as an include, but much more awkwardly.

Thanks for sharing the regex... is there any thing in particular you'd recommend to check for within the server headers, and do/have you ban based on something within the headers? The only example of me looking at them is for X-Forwarded-For but I've been led to believe that examining all the fingerprints of headers makes us quite unique, like 1 in 100000 uniqueness, which obviously makes it a lot easier to ban agents.