Showing posts with label blogging. Show all posts

Saturday, June 1, 2013

Blexbot Content Scraper is Really Nielsen Media Research

I had great difficulty finding detailed information online about an IP address, 216.176.177.162, that appeared in my site log over ten thousand times. But now that IP address is cold busted. It belongs to Nielsen Media Research, a pack of content scrapers. They do not wish to be identified as such, and so they lie, and call themselves a random name like Blexbot. Tomorrow they will be clexbot, and the day after that, wmu-bot. What are Content Scrapers? They are greedy bots that attempt to grab every piece of data from a given site. Interesting bits of this data are then grouped together and sold to companies, governments, or individuals. In short, they grab content and try to profit from it. They do not send traffic. They should be banned by every site, no question about it.

Lookie what the scumbags are doing on a Wordpress site:
216.176.177.162 - - [29/May/2013:06:21:13 -0800] "GET /password HTTP/1.1" 404 2438 "-" "BLEXBot"

216.176.177.162 - - [29/May/2013:06:21:16 -0800] "GET /signup?context=webintent HTTP/1.1" 404 2438 "-" "BLEXBot"

216.176.177.162 - - [29/May/2013:06:21:18 -0800] "GET /reg/join HTTP/1.1" 404 2401 "-" "BLEXBot"

216.176.177.162 - - [29/May/2013:06:21:21 -0800] "GET /forgot_password HTTP/1.1" 404 2438 "-" "BLEXBot"

They're not just content scrapers, they're malicious hackers. Those 404's you see above? That code means they're making up links as they go along, running them up the flag pole to see if anybody salutes. Meanwhile, the web admin gets to have fun wondering what's wrong with his web site that all of these 404 errors are popping up. (There were many more than just the above examples.)
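An added example, not part of the original post: one way to pull this pattern out of a raw log is to group requests by client and flag any client whose traffic is almost entirely 404s on several different paths. The first four sample lines are the ones quoted above; the 192.0.2.10 lines and both thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# The BLEXBot lines are quoted from the post. The 192.0.2.10 lines are
# constructed to stand in for an ordinary visitor.
SAMPLE_LOG = """\
216.176.177.162 - - [29/May/2013:06:21:13 -0800] "GET /password HTTP/1.1" 404 2438 "-" "BLEXBot"
216.176.177.162 - - [29/May/2013:06:21:16 -0800] "GET /signup?context=webintent HTTP/1.1" 404 2438 "-" "BLEXBot"
216.176.177.162 - - [29/May/2013:06:21:18 -0800] "GET /reg/join HTTP/1.1" 404 2401 "-" "BLEXBot"
216.176.177.162 - - [29/May/2013:06:21:21 -0800] "GET /forgot_password HTTP/1.1" 404 2438 "-" "BLEXBot"
192.0.2.10 - - [29/May/2013:06:20:01 -0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [29/May/2013:06:20:02 -0800] "GET /favicon.ico HTTP/1.1" 404 2438 "-" "Mozilla/5.0"
192.0.2.10 - - [29/May/2013:06:20:09 -0800] "GET /about HTTP/1.1" 200 3300 "http://www.example.com/" "Mozilla/5.0"
"""


def find_404_probers(log_text, min_missing=3, min_ratio=0.8):
    """Flag clients that mostly request paths which do not exist.

    A client is reported when it hit at least `min_missing` distinct
    missing paths and at least `min_ratio` of its requests returned 404.
    Both thresholds are assumptions to tune against your own traffic.
    """
    stats = defaultdict(lambda: {"total": 0, "missing": [], "times": []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[(m["ip"], m["agent"])]
        s["total"] += 1
        if m["status"] == "404":
            # Drop the query string so /signup?x=1 and /signup?x=2 count once.
            s["missing"].append(m["path"].split("?", 1)[0])
            s["times"].append(datetime.strptime(m["time"], TIME_FMT))

    findings = []
    for (ip, agent), s in stats.items():
        distinct = sorted(set(s["missing"]))
        if len(distinct) < min_missing:
            continue
        if len(s["missing"]) / s["total"] < min_ratio:
            continue
        span = (max(s["times"]) - min(s["times"])).total_seconds()
        findings.append({
            "ip": ip,
            "agent": agent,
            "requests": s["total"],
            "missing_paths": distinct,
            "span_seconds": span,
        })
    return findings


if __name__ == "__main__":
    for finding in find_404_probers(SAMPLE_LOG):
        print(finding)
```

The visitor with a single missing favicon is not reported, which is the point of requiring several distinct missing paths rather than alerting on every 404.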

Bot-Net Attack? What Bot-Net Attack?

I read many articles today about the brute force attack targeting Wordpress sites. My site is secure, and I just laugh at the enormous waste of that stupid bot-net's bandwidth. Each hit taxes my site about 500 bytes, so those scumbags will have to hit my site 2,000,000 times in order to waste one of my gigabytes--but that calculation seems rather liberal to me. After all, my deflate instruction is near the top of my .htaccess file, so I would wager that instead of 500 bytes, the server actually transmits each bot closer to 300 bytes, maybe lower since old 403.html is, after all, mere text, which receives quite optimal compression rates from any compression algorithm worth its salt.

But igor's solution will never be the thing people click on in google. Packaging and appearance are the thing. That is all right, because it is enough for me that my client's site is perfectly impregnable. I want his site to be fast all the time, I want it to look right all the time, and I want black hat hackers and evil bots to fail in everything they attempt.

Upon reflection, I think the stupid brute force attack against wp-login is meant to promote the sales of some cybersecurity firm(s). Let us be clear, it is not a serious attack. It is a stupid and ineffectual waste of bandwidth. Some cunning CEO may have decided to hire a bot-net to launch a stupid, ineffectual attack against everybody, knowing that the ignorant and the easily frightened would shell out money to buy a quick fix, a little band-aid to put on their precious web site to lull them into a false sense of security. I just don't know which company(ies) are behind the attack, which stand to gain. There are probably a thousand different suspects.

Wednesday, May 29, 2013

I Love Deleting Comments

Out there in Internet-land, SEO scumbags are paying a bunch of needy nerds about ten dollars an hour to leave comments on blogs like mine. I mark such comments as spam and delete them. Ha-ha, game over, wah-wah-wah.

Takes me all of five seconds to clock SEO shills. For the record, igor was not born yesterday.

I see these shady Internet jobs on E-lance all the time. E-lance was made for crap jobs like that. I may be a needy nerd myself, but there are certain jobs I don't deign to do for ethical reasons. The money is beside the point. I can't stomach the thought of ever being a spammer that promotes crap sites on the Internet. Now if the site were worth a damn, that might be another question, but I don't work for the unethical or the ignorant.

I wish more people had scruples about who they work for. The world would be a better place. Homo Sapiens 2.0 needs to have a faculty in the brain that refuses to behave like a slave--refuses to work for evil ends.

Monday, April 15, 2013

A Burr Under His Saddle

I wish I knew what triggered the undercover agent, what put a burr under his saddle so to speak. I tried laying my cards on the table, telling him in so many words, "I know you are an agent, buddy." He never talked plainly, but kept playing his little game of entrapment, with every reply elaborating upon some variation of "Just say the word and I'll mail a package of marijuana--free--no charge!"

I could never in a hundred years believe in a stranger giving me anything except the flu. I wash my hands after shaking someone's hand. Strangers offer me their hand every day on my job, thinking it the civil thing to do. Bah! Handshaking is an accursed unscientific custom. I have yet to meet a doctor or nurse that is first with the hand, and why? Because they know better. Invariably my first thought is to go to the bathroom and wash off whatever germs were laid on my fingers.

The whole affair just underlined for me what a cruel world we live in, dog eat dog. I'm glad I'm wise enough to avoid what can be avoided, although certainly I succumbed to some foolish things in my youth. I pity the unfortunate, careless young and untested, whose first great test may result in their being marked for life.

I think that Facebook fully cooperates with agents, because Facebook locked my account abruptly about two weeks into my correspondence with the agent, so I had to call in to verify my account, thus refuting a potential future "it wasn't me at the computer" defense.

Such ridiculous nonsense. I can think of a thousand productive things the government should be doing, but this is not one of them. One can scarcely credit we are living in 2013.

Wednesday, April 10, 2013

What are Referrer-Spammers?

When one visits a site, it is customary, although by no means mandatory, for one's browser to inform the site of the linking site. This data is placed in the referrer-string and gets recorded in the site's server log. Site owners regard the referrer-string as one of the more useful bits of information, because they like to know who is sending them traffic. They may view the referrers in the site log or by viewing their site stats. Some site owners actually post a list of referring sites as an ill-conceived method of rewarding helpful behavior. I do not recommend doing so.

No verification of the referrer-string can be performed, because only the visitor and his ISP really know where on the Internet he came from. A referrer-spammer, typically a bot, inserts an incorrect link into the referrer-string in order to promote a site and tempt site-owners to click on the link. Once a site-owner clicks on such a link, he may expose his computer to a malware infection, and at any rate, his IP address and geographical location may be compromised. No reputable site would ever resort to referrer-spam in order to generate traffic. Only scum do that. When I detect referrer-spammers in my log, I add their IP address to my blacklist.
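An added example, not part of the original post: since the referrer-string cannot be verified, the practical check is to match its host against names already known to be referrer spam and collect the client IP addresses for the blacklist. The names are the ones this blog lists in its January 2013 post; the log lines, the `.example` domains and the IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit

# Site names the blog identifies as referrer spam (no real URLs are used).
BLOCKED_NAMES = {
    "probtheme", "ontimemarketing", "adsensewatchdog",
    "uglystat", "villainstat", "vampirestat", "zombiestat",
}

# Constructed log lines in Apache combined format. The fourth line is a
# legitimate search referrer that merely mentions a blocked name in its query.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Jan/2013:10:00:01 -0800] "GET / HTTP/1.1" 200 5120 "http://vampirestat.example/" "Mozilla/5.0"
198.51.100.7 - - [05/Jan/2013:10:00:02 -0800] "GET / HTTP/1.1" 200 5120 "http://WWW.ZombieStat.example/stats?site=blog" "Mozilla/5.0"
203.0.113.9 - - [05/Jan/2013:10:03:40 -0800] "GET /2013/01/post.html HTTP/1.1" 200 7400 "probtheme.example/themes" "Mozilla/5.0"
192.0.2.10 - - [05/Jan/2013:10:05:12 -0800] "GET /2013/01/post.html HTTP/1.1" 200 7400 "http://search.example.org/?q=vampirestat" "Mozilla/5.0"
192.0.2.10 - - [05/Jan/2013:10:05:30 -0800] "GET /about HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
"""


def referrer_host(referer):
    """Return the lower-cased host of a referrer-string, or None."""
    if referer in ("", "-"):
        return None
    # Bots often omit the scheme; "//" makes urlsplit treat the start as a host.
    if "://" not in referer:
        referer = "//" + referer
    try:
        return urlsplit(referer).hostname
    except ValueError:
        return None  # malformed value, nothing to match against


def referrer_spam_ips(log_text, blocked=BLOCKED_NAMES):
    """Map each client IP to the blocked referrer hosts it presented.

    Matching is done on whole domain labels of the host, so a blocked name
    that only appears in a path or query string does not trigger a hit.
    """
    hits = {}
    for line in log_text.splitlines():
        quoted = re.findall(r'"([^"]*)"', line)
        if len(quoted) < 3:
            continue  # need request, referrer and user-agent fields
        host = referrer_host(quoted[-2])
        if host and any(label in blocked for label in host.split(".")):
            hits.setdefault(line.split()[0], set()).add(host)
    return {ip: sorted(hosts) for ip, hosts in hits.items()}


if __name__ == "__main__":
    for ip, hosts in sorted(referrer_spam_ips(SAMPLE_LOG).items()):
        print(ip, ", ".join(hosts))
```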

The day has long since passed when a webmaster trusted in hit counts as a reliable measure of popularity or readership. Hit counts are fun and offer a rough measure, but the number must be taken with a grain of salt. The lion's share of hits for less popular sites are bogus, but even popular sites receive plenty of bots. A site owner may trust in comments, shares, and link-backs as a firmer indicator of human traffic.

However, even some comments are the work of bots promoting sites, products, or people. During the election season, I receive my share of bots passing through posting a defense of a politician I may mention. When I blog about a brand-name, I may receive a comment defending the brand. I can sometimes detect bots when their comments do not strictly jibe with the content of my blog post. A bot may be triggered into dropping a canned comment by one or more keywords being detected in a blog post.

Looking over a site log can be a real eye-opener. The log reveals just how many bots there are out in the wild--comment spammers, old-fashioned email harvesters, referrer-spammers, content-scrapers, search engines of no good reputation, and bots probing for security weaknesses. If you are an English writer like me and you notice much traffic from Russia or China or some other far-flung place in the world, I wager you are seeing just a bunch of bots and nothing more.

Thursday, April 4, 2013

Phantoms of the Internet

Beware of anyone met online, because you have not met them; they are ideas only, phantoms. There are many on the Internet that pretend to be that which they are not, and their motives are as varied as human nature allows. Some are criminals, some are jealous, some are lustful, some are curious, and some are misguided undercover agents.

The agent I dealt with last week also had a profile on Amazon, Google and several other online venues. Her online profiles were elaborate and indistinguishable from that of any other ordinary person. Governments around the world employ personnel that craft convincing and highly detailed online identities. Facebook isn't the only online site crawling with agents, but it's probably the top one. "She" had an impressive cover. Let's continue with the feminine pronoun, though I think she was really a he. She had many friends, each with elaborate and believable Facebook profiles, and her own profile was believable as well. Clearly her online activity constituted a full-time job. Her friends and relatives had blogs of their own with many posts and comments on their posts.

My point is this. It is not possible to determine the legitimacy of an online persona by examining their Facebook profile, friends, forum postings, or email messages. An online acquaintance remains a mystery. One must remind oneself of that cardinal rule at all times. One does not know another's gender, age, name or location. One knows nothing about them at all, not even what can be twigged by their style of writing, for even style and grammar are subject to manipulation. Even an IP address may be spoofed like all other technical information. None of the stats on any online profile may be trusted, and of course anything someone writes is subject to being a lie, along with the manner in which they write it.

Many people in the world have no ethical problem with lying, or even if they do, they evaluate lying as being the lesser evil. Thus, each new evil that they commit afterward may also be evaluated in the same light, as a lesser evil. Such a slippery slope, my dear, and where does the fall end?

Monday, April 1, 2013

Warning: You Are Being Watched

There is one growth industry in our crumbling empire that generates new employment opportunities and hardly ever downsizes. No, I'm not talking about manufacturing. What a laugh. Manufacturing in the U.S. is almost an oxymoron these days, which distresses me, because manufacturing is what really won the Second World War, as any history buff knows. I fear for our nation's future with our manufacturing outsourced to China. The growth industry is not our nation's military, as our wars seem to be winding down rather than expanding under the foreign policy of President Obama. I am not referring to the education "industry," although many people are going back to school, even with the poor financial returns available on an education investment. The one growth industry that really stands out in the U.S. is the prison industry.

The United States is ranked #1 in the entire world when it comes to the number of people in prison, and no small number of people are paid to put them there and care for them once they are there. This has been true for decades due to the illegality of popular drugs such as cannabis, which is less harmful than alcohol, but carries severe penalties for those found to be in possession of small quantities. The Drug War provides a livelihood for people on both sides of the law. One deplores the cartels, but they would disappear if drugs became legal, as they were for thousands of years prior to the 1930s. Nobody had a problem with drugs until the government made it a problem.

In the Drug War and other law enforcement campaigns, the government employs (I like that word, since the Drug War generates so much employment in modern America) lies and intimidation to weasel its way into peoples' lives.

The usual game goes down like this. An agent pretends to be somebody's friend and then, once a naive individual places trust in that agent, a trap is sprung ensnaring that poor soul in a felony carrying the threat of significant penalties. As a computer programmer, I am reminded of phishing scams and viruses. They are all one, agents and computer viruses, employing social engineering to deceive, manipulate and harm.

"Don't worry, Mr. or Mrs. No-Account Nobody! We don't want to crucify you. We actually want to crucify someone else, and you can help us do so. Oh, and by the way, it would be in your best interest."

Yes: betray your friends and abandon your ethics in the interest of self-preservation. The Drug War is a game, you see, it is not a crusade, and ethics has nothing to do with it. The players are merely players seeking to win. Right or wrong does not necessarily enter into the equation.
 
If the poor soul wishes to redeem herself and not lose custody of her children or face a lengthy prison sentence or lose all her worldly possessions, then she must prove useful, enlisting as an undercover agent in order to ensnare others in the drug trade, often at some risk to herself. Disgrace, humiliation, debasement, and dishonesty are the prices that such souls must pay in exchange for leniency in their sentencing.

Now, I was tested quite recently by an undercover agent who contacted me via Amazon, responding to one of my reviews. After an initial back-and-forth exchange of messages, she invited me to extend our acquaintance over to Facebook.

On the Internet, undercover agents prefer to pose as women, due to the universal truth that human beings do often place more trust in their mothers than their fathers. In the past, I have been approached more than once by agents due to my online activities of speaking out about political and controversial matters. The government is in the business of profiling individuals and speculating upon them. Those in power are sometimes motivated by the desire to dominate and control others, and principles such as freedom of speech don't appeal to their way of thinking.

Now I will let my reader in on a little secret. I am not a naive individual, although I may play one online. I am not sure how I attracted the attention of an agency, but my blog contains posts on controversial subjects. Whatever the motive, an agent glanced at my blog, concluded that marijuana was my weakness, my femme fatale, and employed a honeypot strategy.

I was offered free marijuana of the very best variety straight from a small organic grow operation in Mendocino County in California. All I had to do was say the words, "Please send me some marijuana," and a special delivery would arrive in the mail, accompanied, no doubt, by several squad cars.

I called her on her game, which at first I found amusing, but she stuck to her story and wouldn't confess to it, but just kept wading deeper into falsehoods. Nobody likes dealing with a liar, and I'm no exception, so I un-friended her / him on Facebook. I suspect the agent was male, a college-educated middle-class boy in his late twenties or early thirties not knowing too much about the world. He was well-trained by his agency and probably would have nailed someone else. Every message, he kept elaborating upon his proposal to mail me a package of marijuana, which I do believe is a federal offense that might even justify an open-ended search warrant, which presents a huge hassle, having so many cops rummage through the home all day long on a fishing expedition--and I resent the entrapment. I think the trigger may have been something on my blog about a powerful official. It is not exceptional for officials to call in favors from law enforcement agencies.

Although some government employees may not comprehend or believe in the principles of the United States of America, I do, and I think that free speech is important, and sometimes may even be the duty of a human being, to say what is thought to be so, not for material, but for spiritual, for timeless reasons. I will not be intimidated, although I expect the latest will not be the last attempt at entrapment, whether the next lure proves to be sex, drugs, money, or something else. Not many people are acquainted with the phrase, amor fati, which has such a good ring that one prefers the Latin.

In terms of temptations, a job might actually hook me. I don't know. Like many Americans in today's economy, I'd love to get a good new job. A good job is the one thing I want most in this world. But I would not accept any job where I had to lie to people in order to make my living.

Saturday, January 5, 2013

Probtheme, Vampirestat, Zombiestat, Villainstat, Ontimemarketing

Dear fellow bloggers -- if your blog keeps getting traffic from probtheme, ontimemarketing, adsensewatchdog, uglystat, villainstat, vampirestat, or zombiestat web sites, just ignore all of that, as it is the product of worthless scumbag referrer spam-bots. Automated, unattended software programs generate these supposed "hits" on your site. They do not represent any human visitors and are not of any interest whatsoever. Do not visit the referring sites, because there is a high probability of malware. Do not link to the sites anywhere online. In other words, do not do the sort of things that the scumbags want you to do. The reason that some malicious hacker is running these bots is to generate traffic on the above-mentioned web sites and quite possibly to entrap, identify, or infect the personal computers of blog owners. End of story. Don't fall for it!

Update

It has come to my attention that some blog owners may have been posting the url of vampirestat, et al, on their blogs.

You will notice I was careful not to specify the url to any of the above sites when I was discussing them. Linking to a site means typing the basic URL in a message, post, or comment.

Let me be clear: Do not EVER link to a bad site like vampirestat, even if you only mean to complain about them or shame them. Do not even post a link in a forum! Search engine bots cannot yet distinguish between favorable comments and unfavorable. Search engine bots investigate each and every link they detect and determine associations between sites. If you link to a site, even if you hate it, you are helping it; you are associated with that site. Always remember that! If you have anything resembling the actual url of a malware site anywhere in your blog, then you are assisting their prevalence in search engines, and Google will evaluate your site as being associated with malicious hackers. Your site's Google ranking may decline, and your site may even be flagged as a malware site.

Thursday, October 11, 2012

Social Media Buttons

Social Media Buttons? Check.

Blogspot's native support of social media buttons does not work, so I found an alternative solution and customized it for my blog. I prefer the buttons to reside in my author and comment box, rather than in the post itself. I cut Twitter's button, because it takes up more real estate than it is worth. Not a big fan of Twitter. I saw no need for Pinterest, since I post few images. I'm not as visually-oriented as some, and my interest in photography has always been minimal. What I like, for better or worse, is working with words, and I say "or worse" because the zeitgeist favors visual presentation over verbal by about a million to one.

The implementation here is buggy at present, because each post shows the same stats beside the AddThis and Facebook buttons.

Update: I adjusted the buttons to remove the stats. Facebook's Like button insists upon displaying stats, no matter if they are accurate or not. There is no way to turn the stats off. Facebook is saying in effect, "my way or the highway." I solved that problem by deleting the Facebook Like button. I don't know why Facebook has to be pushy. Given the choice of "my way or the highway," I tend to choose the highway.

Sunday, September 23, 2012

Delusion

I had a brief and pleasant fantasy the other day that the actress who played Sophie on Peep Show had read and liked some old article on the blog. Of course I would have no way of knowing other than via psychic impulse, i.e. delusion. After about five seconds I dismissed this as ridiculous for any number of reasons. If I were in her position, the last thing I would be doing is sitting around reading blogs.

Part of the charm/thrill/danger of blogging is that one never knows who will be reading. There is nothing to prevent anyone from reading anything here except for the sheer odds of finding a needle in a haystack.

Epitaph

This blog would make a fair epitaph for me in this electronic age. Who has the budget for granite sculptures? Not me, I'm poor. I'd rather go the free route and just hope that Google continues hosting Blogspot for free in perpetuity. It is a consoling thought that my feisty opinions, philosophy, technical lore and creative output will be around to torment unsuspecting readers long after I am gone.

Remember, hidden somewhere in the thousands of posts of fluff and nonsense is an emerald or three. Maybe. Or maybe a moonstone or iron pyrite.

One day if I see the end in sight due to, say, an unfavorable diagnosis, then I will apply the weed whacker to my blog and get rid of all the fluff until only the best posts remain. That might be a bit more dignified. But on the other hand, shouldn't I "keep it real?" Is every part of me worth preserving or only the finest or best expressed parts?

Monday, September 17, 2012

Adios, Analytics

I think I'm going to remove the Google Analytics code from my blog, if I haven't already. It has been over a year since I've bothered checking my site statistics. I guess I just don't give a darn anymore about whether people are viewing or how many people are viewing. I have treated this blog since its inception as my personal playpen for opinions and ideas, my storage locker and alternative backup for technical information, and personal journal to deal with any philosophical or personal issues I might like to explore.

Surprise! Popularity was never one of my goals and to be honest, I prefer not to be popular, because popularity is pretty boring and I can't think of any celebrity I envy. The only thing about celebrity that I might envy is the money. Everything else that comes from celebrity just seems taxing, vain and mildly annoying.

I determined a long time ago that there is no money to be made with this sort of blogging or at least through my mediocre talents. I ran AdSense for a year or two as an experiment just to see how much revenue would be generated. I earned enough to buy a six-pack of cheap beer*. I never did request that check. Instead, I cancelled my account because the money was a joke and I felt bad about making my blog ugly with stupid ads for over a year. If one is going to sell out, then one should get a good price at least.

Oh by the way, Google Analytics consistently reported that a sizable chunk of my blog's readers are from Russia or nearby, which means that spambots, black hats, and related scum are frequent visitors. Russia is never good news in the server log.

* - I don't drink anymore, though. And I don't miss it.

Monday, July 23, 2012

Get that HPV Vaccine

I remember a couple years ago some right-wing Internet yahoo wrote that I was "a lazy race-baiting homosexual with warts."

I was surprised first of all that he had bothered to read enough of my blog to make these observations. You know, I'm glad when the opposition reads my blog. I didn't mind the homosexual bit. I'm gay, big deal. As for lazy, well, I know I'm not, and people that know me know I'm not, so that just bounces right off. Race-baiting, I don't know where he got that from. Maybe somewhere I didn't toe the party line on a sensitive racial issue exactly as he expected me to do. More likely, he misinterpreted a complicated sentence due to lack of basic reading comprehension. I don't know, but I thought that was the strangest part of his little critique.

As for the warts, they're gone now, although I did have them at one time and probably still carry the HPV virus like millions of other people. That is one reason I recommend that young people get the HPV vaccine. I wish I had. But having had warts doesn't really bother me, although it does raise my risk for cancer. Is there a stigma to warts? Maybe, but it can't be greater than the stigma attached to herpes. At any rate I've gotten past stigmas for the most part. Stigmas are stupid, a shortcut for people who don't like to think for themselves.

Moral of this little story is for people, especially the younger generation, who are or intend to be sexually active to get the HPV vaccine. It's cheap and not only will protect against warts but also certain forms of cancer. The vaccine is not just for girls either. Every young person should get it.

Thursday, March 8, 2012

What If I Were Hacked?

My recent post about Sabu and Lulzsec made me consider possible retaliation, because those so-called "freedom fighters" do not really believe in freedom of speech after all. They believe in crime and retaliation and that is all.

In the back of my mind, I consider the possibility that my blog, email address or other cyber-identity might some day be hacked or otherwise compromised by cyber-vandals (otherwise known in the media as "hackers," but they ain't nothing more than common vandals, little different from the clowns who deface road signs) or even paranoid law enforcement or some other element that I haven't yet considered.

Sometimes I edit a post and Blogger reports that there are conflicting edits, which makes me wonder whether somebody out there is trying to hack this little insignificant blog. Then I think, "Nah, couldn't be. My blog doesn't matter enough to be hacked." But you never know.

The simple fact of the matter is that I do make back-ups of my stuff on a semi-regular basis, so the complete destruction of my cyber-posts would inconvenience me for about five minutes at the most. Besides, I ain't Shakespeare and don't feel like I'm composing anything irreplaceable on here. I know better than to post my best stuff online, because people will steal it and claim it as their own. Also, I'm not proud and don't really care if someone posts "f*** u igor" or some other derogatory message. Similar things have happened before in the past and I'm sure will happen again at some point in time, the Internet being what it is.

Sometimes I have been contacted by people on fishy pretenses who seem a little bit too eager to learn more about me, while being mysterious about their own identity. As far as law enforcement is concerned, I don't feel I have anything to hide, and if they want to waste their time examining my activities then I would find that amusing, although the taxpayers might not be quite so amused by the waste of government resources.

My blog serves as a place where I can post my many grievances, complaints, insights, observations and predictions. If people find something useful or amusing here, then that is fine by me, but if not, that is okay, because I'm not in a popularity contest here. If I wanted this blog to be popular, I'd post exclusively on narrow technical topics, as so many bloggers do, instead of controversial topics such as politics and philosophy, because not many people really care what igor has to say about those things. But I don't care that they don't care. I post for myself. This is my public diary, not so much concerning the mundane events of my life but rather the intellectual threads that interest me. Take it or, more likely, leave it.

Saturday, August 13, 2011

How to Undo Yassine Edder's Vandalism

The following is a guide to recovering a compromised Wordpress site, written at the request of a visitor to this blog.

An automated robot using the nym "Yassine Edder" attacked my beloved's Wordpress site last month. I was caught unprepared, in that I was unfamiliar with the security aspects of Wordpress and had not taken the proper precautions. I accepted the blame for that negligence and pulled an all-nighter undoing the damage and locking down the site so that no one will ever be able to compromise it again and installing countermeasures that will inconvenience spammers and malicious hackers.

The message content of Yassine's graffiti manipulates victims into assuming that Yassine Edder is some sort of harmless attention-seeking teenager inspired by the media. Make no assumptions about the motives of the criminal. All that is known is that Yassine Edder is a criminal running an automated script.

Yassine's modus operandi is quite simple*. First of all, understand that Yassine is not a human being, but an automatic robot running via script. The attack is completed within two minutes. The robot attempts to read wp-config.php, and if your file permission permits this, then it can extract the password to your database.

Many people, myself and my partner included, neglected to set the file permission of wp-config.php to 400 or 440, the secure setting. In order to do this, you will need to FTP into your site with a program such as FileZilla, right-click on wp-config.php, and alter the permission. This is the very first thing you must do, because until you do it, your site can be compromised again and again. There is no point in performing a clean-up until you secure wp-config.php. Clean-up is not as important as establishing security.

You must change the password to your database, because it has been compromised. Change it immediately in wp-config.php, lock down wp-config.php by setting the file permission, and then go into cPanel and change the database password on your host. This will partially close the door to Yassine Edder. However, Yassine has established an admin account, and this must be deleted from the database as well in order to slam the door in his ugly face.

The next step is to delete the admin account and also remove the graffiti Yassine left behind. I call this the clean-up stage. Bear in mind that Yassine was not permitted more than a few hours of access to my partner's site, and the damage was undone quickly. I am not sure what the consequences are for people whose site has been compromised for several days or weeks. It may be that other robots or human beings return to cause more damage. If that is the case, then there may be backdoors installed in your site. You will need to scrutinize everything carefully. The best prognosis might even be obtained by recovering from backup. I did not have to do that, but again I nipped the problem in the bud early. You should examine your logs to see what has been happening. If you are not in the habit of examining your web host logs in their raw format, now would be a good time to start. By doing so, I was able to learn which IP address or addresses conducted the attack, how long it took, and how many files were accessed. That was helpful information that I later used to ban the very same IP addresses. The Yassine robot can never access our site content from the same IP address used before. All he will get will be a stern warning with links to spam-killer and harvester-killer sites.

Now I will discuss precisely how Yassine turns your site into his personal graffiti wall. There is not much to it really. The good news for me was that the damage was not severe or widespread, at least in my case, although that may not be true for all. I can only speak from my own limited perspective.

After obtaining the password to your MySQL database, Yassine then inserted records establishing a username and password, permitting a human criminal to visit later at his leisure. Go to your web host's cPanel, go into MySQL and modify the database records that Yassine has inserted or altered. If you do not know how to deal with MySQL, you must learn, as I did. Do not be intimidated. It is not really difficult. Obviously you will want to remove the record with Yassine's username and password. You will also want to remove the record that is causing your site to greet all visitors with Yassine's stupid graffiti. Take your time examining the database, because the malicious damage will be there. To my recollection there was one record with Yassine's username and password, and one record with the graffiti. However, there may be more. It should not be assumed that every site has the same experience.

After undoing the database damage, you should be home-free, or at least I was. My partner's site at this point was fully recovered with no damage and no backdoors. So I got a great big hug and a thank-you and a cup of hot cocoa. Take this opportunity to pursue the other security recommendations I have suggested elsewhere. Wp-config.php is not the only Wordpress vulnerability. There are others that should be eliminated as well. Also, the whole fiasco is a wake-up call to start making regular back-ups of your entire site, not just the files but the database as well.

There is also the possibility your FTP password could one day become compromised due to a local virus on your PC or a man-in-the-middle attack. I suggest using SFTP at all times, which is encrypted FTP. Securing your local network against viruses is important. Any compromised computer on a local network can monitor network traffic, so don't be complacent about your spouse's, roommates' or children's computers. All computers must be clean.


Footnotes:

[*] - This post and others make an assumption that wp-config.php was the focal point of Yassine's attack. That assumption appears shakier the more I think about it. One thing I've learned in computers is that one should never be too sure about something. There are two problems that bother me about the wp-config.php hypothesis.

In the first place, I was under the impression that .php files were executed server-side and could not be read by the client. However, maybe there is a way to read the source code of an unprotected .php file. I don't know. I'm no .php expert, although I have coded .php programs of simple to moderate complexity.

Even more disturbing was the behavior of my partner's web host, the accursed Namecheap, which I have panned elsewhere for unrelated reasons. Following Yassine's attack, the entire host went down for several hours "for security-related issues", which suggests a server, or all servers were hacked. If that was indeed the case, then the host, Namecheap, was negligent in some unknown way. It may be that every Wordpress blog on certain compromised servers was attacked. I am not willing to rule out this possibility, but I don't have the resources or motivation to determine the facts of the matter.



As a general aside, I think it is interesting that I'm currently unemployed and can't get a job because employers assume I know nothing about the web. They discount the skills I obtained through self-learning. They think I know nothing. Well, skills are skills. It does not matter so much whether they are obtained on a 9-to-5 job. However, this seems to be outside the understanding of today's employers, who discard my cover letter and resume because I lack recent web-related work experience in an actual paid job. I have encountered an iron wall in the job market locking me out of any kind of technology job. However, whether I ever get a job or not, I will always be keen on computers. I'm ready, able, and willing, but the job market, the economy, is not. My potential is going untapped or diverted into recreational avenues like this blog, online chess and Scrabble. Oh well. I suppose I've got my health to be thankful for, among other things.
by igor 04:20 8 replies by igor 09:32 6 comments

Friday, July 15, 2011

A Few Words about Wordpress Security

A recent widespread attack that has damaged many Wordpress blogs exploited the file permission of wp-config.php. The permission for that file absolutely must be 400 or 440. Search for yassine edder on Google, a scum that is running an automated script out of Tunisia. The hacker I will henceforth call "Asinine" hacked a friend of mine, who was terrified of losing everything. I worked for three hours to analyze and then undo every last bit of the damage. But now I know some things about Wordpress security. And I have added tens of thousands of IP addresses in Tunisia to my blacklist, just in case Asinine hops over to a different cafe.

I cannot stress enough the importance of setting the file permission of wp-config.php. Lock it down tight. Don't delay, do it today.

No one, and I mean no one, should install Wordpress without first becoming very familiar with the security requirements. There are precautions that should be established prior to going public with a site. Setting the file permission of wp-config.php is #1 on the list. Until it is set in a proper manner, the site can be hacked by any idiot from here to Tunisia.
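An added example, not part of the original post: on a host with shell access rather than FTP only, the script below finds every wp-config.php under a directory, reports any whose mode is not 400 or 440 together with the permission bits that are in excess, and can reset the mode. The function names and the directory layout used to exercise it are assumptions.

```python
import os
import stat

ALLOWED_MODES = {0o400, 0o440}  # the two settings the post recommends

# Permission bits that go beyond 440, with a readable label for each.
BIT_NAMES = [
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IWGRP, "group-writable"),
    (stat.S_IWUSR, "owner-writable"),
    (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH, "executable"),
]

def audit_wp_config(root):
    """Return [(path, octal_mode, problems)] for each wp-config.php not at 400/440."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "wp-config.php" not in files:
            continue
        path = os.path.join(dirpath, "wp-config.php")
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode in ALLOWED_MODES:
            continue
        problems = [name for bits, name in BIT_NAMES if mode & bits]
        if not mode & stat.S_IRUSR:
            problems.append("owner cannot read")  # WordPress itself would break
        findings.append((path, format(mode, "03o"), problems))
    return sorted(findings)

def lock_down(path, mode=0o400):
    """Set the mode and return what the filesystem now reports.

    400 only works when PHP runs as the file's owner; if the web server
    reads the file through its group, use 440 instead.
    """
    if mode not in ALLOWED_MODES:
        raise ValueError("mode must be 0o400 or 0o440")
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    import sys
    for path, mode, problems in audit_wp_config(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: mode {mode} ({', '.join(problems)})")
```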

Make regular backups of your Wordpress site. I prefer using the excellent Snapshot Backup Plugin for Wordpress by Jay Versluis. I don't know whether he is any relation to the Versluis who created the excellent HV Menu, but such a connection can only be flattering. Indeed, the reason I downloaded the plugin was because of the name recognition.

I use .htaccess rules to secure the archive files on my Apache server. This will prevent unknown parties from downloading archive files, which remains a security risk until or unless the archive is deleted.

Copy and paste the following into the existing .htaccess in the wp-content directory or create .htaccess there if it does not already exist.

The above code uses a whitelisting strategy. Replace the IP address 111.222.333.444 with your own static IP address. The code will prevent anyone from downloading the .tar file--or any file with the text "sql", "old", "ini", "bak", "gz" or "log" in it, except for someone at the specified IP address. If placed into the .htaccess in wp-content, it will control access for all files and directories within wp-content. It does not affect the parent of wp-content.

Another way to protect archives, instead of using a whitelist, would be to demand that the downloader enter a password. This is also possible to do in .htaccess, but I went with the whitelist, because it's more convenient for me.

Incidentally, the same whitelisting strategy is highly effective for the .htaccess located in the wp-admin directory. Do not allow anyone except one IP address to access the administration log-in. This will lock down security on your Wordpress site. Wards off brute-force attacks and other games hackers play. It could be adapted for sites with multiple admins, as long as the IP address of each admin is known and remains static. Could be a problem with a mobile admin, though!


I wonder who traxodone@gmail.com is? That individual sent me an email mere hours after I had posted this:


Hi Igor,


I've find your blog through Google and I hope you can help my. My blog is hacked by this guy from Tunisia, how can I restore my blog and password for wp admin?


Kind regards,

traxodone


I wrote back asking for more information, such as the blog ID and some reasons I should volunteer my assistance. No response. Well, I can't help anybody that does not communicate. Said individual may well be the hacker responsible for the attacks.

Tuesday, July 5, 2011

"Broken Controllers" Classifies Me as a Sports Writer

I noticed that one of these content aggregation sites subscribed to an RSS feed of my blog. I can't think of any reason I should mind.

This blog is averaging about 35 visits per day, nothing to write home about, although a bit better than last year's average of 20 per day. I interpret my blog as a journal that I share with strangers Just Because. I don't even know all the reasons why. At least on a blog, there is a chance someone other than myself might read one of my entries, if only by accident. There is also a chance they might benefit by doing so, although I'm not placing any bets on it.

However, this aggregation site classified me in a forum called "Sports Club," which I find amusing. When have I ever blogged about sports? I think Philosophy, Politics, or even Computers/Internet would be more appropriate. I doubt they have a Dungeon Crawl forum.

Well, at least one question is settled, that of whether Broken Controllers' webmaster ever bothered reading anything on my blog before subscribing to an RSS feed.

Saturday, June 25, 2011

Opinions are Obstacles

Sometimes I jump the gun with my opinions. I leap to conclusions. Blog posts about Firefox and Drupal are recent examples. I deleted those posts after reconsidering. I prefer not to have opinions, because opinions get in the way of reasoning. I am reminded of the maxim: Nothing is good. Nothing is bad. Everything just is.

Notable exceptions would be actual cases where people are getting hurt. My general rule would be that in any case that involves human suffering, the suffering of animals or the destruction of the environment, one must have an opinion in order to be ethical. But in the case of technology, ethics seldom apply. I like to remain more or less neutral where technology is concerned.

Firefox makes neutrality difficult for me, because it is superior to Internet Explorer as far as I can see, and besides, I hate the way Microsoft insinuates itself into everything on the computer. I wish MS confined themselves to making the operating system, period. That would be well enough. But no, they want to get into everything on the computer and even on other gadgets as well. That's not a good thing.

However, my blog post was inaccurate in claiming that Firefox did away with the "Add Tab" button. Actually, the developers relocated the "Add Tab" button. I simply didn't notice until after I had written the blog post. When I noticed, I deleted the post, even though it had taken me an hour to write. There was no way I saw to salvage the post. It was just plain wrong.

I didn't like my post on Drupal and deleted it because it was too harsh. The fact is, Drupal developers are volunteers, as far as I can tell, and that is a valid excuse for any problems one might encounter with Drupal. Didn't pay for it, so why complain? I'm sure the developers are well aware of the various problems and intend, one sunny day, to resolve everything.

True, I feel like I wasted a lot of time trying to iron out problems with my Drupal installation. True, I do not plan on recommending Drupal to anyone that I consider a friend. But that doesn't mean I want to rain on the Drupal parade. The system works well for some people, or so it would seem. It simply was not a good match for my requirements. I prefer to take that line.

Friday, June 10, 2011

On My Avoidance of Images

I'm aware that other blogs make liberal use of clip art, but I avoid that here, because it is ubiquitous and smacks of plagiarism, unless one uses one's own images, and I'm neither artist nor photographer. A better way to distinguish my blog might be to concentrate upon the text and the design. I may be right, I may be wrong, but that's my preference. I think there is still a place for the written word and that it has charms of its own.

As a webmaster of a different site than this one, I have detected many people using images found on my site, even using our server's copy of the images--in fact, that is why I am able to detect their use. It doesn't bother me, as it would an artist, because most of the images used on that web site are unoriginal and represent little investment in time on my part. However, I have many observations about this indiscriminate use of clip art.

Many times, other people's frequent dropping of images seems tacky. The owners don't realize that. It makes me wonder whether I should go about deleting images from my web site, because maybe the images make my web site tacky, too, and I'm just too close to my baby to perceive its ugliness. I seldom receive any constructive criticism or feedback about anything, so I don't really know for sure what looks good or bad. I only have my own preferences, which may be out of tune with the zeitgeist. Oh well. Such is the fate of many a small web site.

Also, I don't really appreciate people leeching bandwidth from my web site by coding a direct link, called a hotlink, to images on my site's server. My site receives no visitors that way, but is compelled to transmit data for the sake of another site. For fun, I like to replace images with banner ads for my web site. Some of these banner ads can be a bit risque, but too bad for the losers. That's the chance one takes by hotlinking. I have had many a belly-laugh from visiting other people's sites and seeing my banner ads. Months and even years go by without the owners detecting anything amiss. Thanks for donating space on your site to my viral advertising campaign, losers.

One of my acquaintances is an artist, and he gets far more irritated than me by image theft, because he perceives it as a threat to his livelihood. In fact, he's become something of an anti-pirate. I think his fears are overblown. For my part, I'd not want anything from his portfolio, even if he were to give his work away for free. It is often thus with people that worry over piracy. They have an exaggerated sense of their product's worth. At any rate, if he is so worried, it is a simple matter to protect artwork on the Internet. Offer a small version, rather than a large. Seems pretty obvious. Instead, he's fooling around with watermarks and javascripts, both of which can be circumvented. But he has not paid me for my technical advice, and giving it to him for free would be another form of piracy, wouldn't it. On the other hand, if he wants to pay my consultation fee of $49.99, then I might clue him in. He's called me up before asking me to fix his computer in exchange for artwork. Don't want it. Prefer the little strips of green paper instead.

Unlike my artist acquaintance, I don't worry overmuch about piracy, because I've never had any inkling that any of my stuff would be considered valuable by anyone else. No one has ever hired me on as a writer or given any sort of monetary encouragement to pursue my creative labors, so I feel perfectly safe in posting all of my creative work on the Internet, just as I feel safe in leaving the doors unlocked on my $1500 car. If someone wants to steal my thoughts, well, good luck with 'em, but you may be in for a bit more than you bargained for! Everything I do is protected using Igor's patented "Liberal Ideology" technology. I sprinkle my left-wing opinions into everything I offer online, so that if people copy my stuff, they are helping spread my memes in viral fashion. I'd much prefer they link back to me and give me credit for my work and am annoyed when they don't, but if my ideas spread, then that's really what matters, isn't it, especially after I'm dead and gone. It's a half-assed form of immortality. Perhaps in the future there will be more people sharing similar thoughts and feelings as me, and that's all to the good, I think.

Tuesday, May 24, 2011

Drupal 7.0

Drupal 7.0's default support for images seems rather primitive and not easy to configure. I was close to uninstalling Drupal and converting to Wordpress, which I may still do. I think Drupal's intended use is for large enterprises, public forums and the like, where the average creator is held in poor esteem. Everything about Drupal is intended to limit, confine, and exclude, to prevent users from doing naughty things like, I don't know, uploading porno or bad-mouthing the boss. Drupal seems poorly suited for the purpose of a personal blog or any small operation where the content creators are known and trusted.

I spent two hours trying to figure out how to accomplish in Drupal a task that would have taken me a skinny minute in pure HTML--adding a picture to content. In WordPress or Blogger, the procedure is relatively straightforward. Not so with Drupal. There is zero out-of-the-box support for image upload and insertion. One must first tweak the configuration, a point that is not obvious to the end user. Eventually, through lengthy trial and error, I discovered that in Drupal 7.0, every user must first click on Structure | Basic Page | Manage Fields, and then add a new content-type for image. Then and only then will a prompt for image insertion appear on the Edit Content page. This essential configuration step was obscure. The so-called "Help" pages suggest a great many things that accomplish nothing, like clearing out the cache or checking the file hierarchy.

Anyone coming from a pure HTML/CSS background may be disappointed with tools like Drupal that seem to add rather than reduce complexity, and remove rather than add functionality. Drupal's really an enterprise tool, acting as a nanny for techno-dummies who can't be bothered to learn anything about html or css. For wannabe bloggers, I recommend Google's Blogger for pure ease-of-use and simplicity or Wordpress for the power user who wants greater control over the end product.
techlorebyigor is my personal journal for ideas & opinions