made even worse by the fact that it's possible to detect a pipe vs just standard... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		chii 4 hours ago \| parent \| context \| favorite \| on: Someone bought 30 WordPress plugins and planted a ... made even worse by the fact that it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side. This means the attack can be "invisible", as a cursory glance at the output of the curl can be misleading. You _have_ to curl with piping the output into a file (like \| cat), and examine that file to detect any anomaly.

		help

boomlinde 1 hour ago [–]

> it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side

That sounded really interesting, so I looked it up and found this article from 2016 if anyone else is interested: https://web.archive.org/web/20250622061208/https://www.idont...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact