Tag Archives: chicken plucker

Hack Attack 2014!

[Screenshot, 2014-12-03 11:14:07 AM]

So, per a previous blog post on security, this is why you don’t use an obvious username. If you look at the number of emails in my inbox, there are 316. There were actually over 400. The night before, there were 18. Each email represents 4 attempts to force break one of the sites I host, so that’s around 1600 attempts to guess the password.

The site in question has a math captcha, so this really shouldn’t be happening at all. I guess someone found a way to nullify the WordPress math captcha I paid $8 for: these things happen. On the other hand: basic security does the trick here. The username they are trying to hack is the wrong one. They are basing it off of the URL: the username they are trying is the URL…

It seems they have the wrong username. I'm not going to give them any help figuring it out!

Guess what, that’s not the actual user name! So even if they somehow stumbled across the right password, they would have to have the right username and, in this case:

1. It has nothing to do with the name of the site.

2. It’s not admin, administrator, webmaster, or any conventional user name.

So they won’t be able to hack the site this way no matter how hard they try. To summarize, use basic security precautions: a nonstandard username, a strong password, and a profile set so that the name shown on posts is not the same as the username. On a multi-user site, give each user only the access privileges they actually need and no more. Do these things, and all will be well even if people try to hack you (as they did here).
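The username checks from the summary above, written as a small audit. This is an added example, not code from the original post; the site URL and user rows are constructed, and the CSV columns assume the output of `wp user list --fields=user_login,display_name,roles --format=csv`.

```python
import csv
import io
from urllib.parse import urlparse

# The conventional usernames the post names.
CONVENTIONAL = {"admin", "administrator", "webmaster"}

# Constructed sample, shaped like the CSV that
# `wp user list --fields=user_login,display_name,roles --format=csv` prints.
SAMPLE_SITE = "https://www.example-plucker.test"
SAMPLE_USERS = """user_login,display_name,roles
example-plucker,Site Owner,administrator
admin,admin,administrator
k7_mora,Pat,editor
jsmith,jsmith,author
"""


def site_tokens(site_url):
    """Names anyone can derive from the URL: host, host without www, first label."""
    host = (urlparse(site_url).hostname or "").lower()
    bare = host[4:] if host.startswith("www.") else host
    return {host, bare, bare.split(".")[0]} - {""}


def audit_users(site_url, users_csv):
    """Return (user_login, finding) pairs for usernames that are easy to guess."""
    from_url = site_tokens(site_url)
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        login = row["user_login"].strip()
        key = login.lower()
        if key in CONVENTIONAL:
            findings.append((login, "conventional username"))
        elif key in from_url:
            findings.append((login, "username derived from site URL"))
        # A display name equal to the login publishes the username on every post.
        if row["display_name"].strip().lower() == key:
            findings.append((login, "display name equals username"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_SITE, SAMPLE_USERS):
        print(f"{login}: {finding}")
```

An empty result means no login matched the three patterns; it says nothing about password strength or about whether each role is wider than the user needs.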

It was a pain to delete the 400 email notifications, but that’s part of the trade I guess, and why people get paid money to host! Other people anyway; the clients still haven’t paid. That’s OK though: I altered the site to reflect that and it makes me feel better!

 

Welcome, a note on current projects (WordPress: a site that should not be moved)

So, this is the first post under this name on the new site, a site that I am hosting on server space I have real control over. It’s been an interesting transition. This blog and concept used to be at this site, on WordPress.com.

I decided that I needed a hosting package in order to continue to be able to experiment with PHP, to be able to do WordPress sites that could be more easily modified, etc. There was initially a pretty steep learning curve in terms of DNS entries, etc., and there was a certain cash investment in a hosting package.

However, the moment I did this I started to pick up paying work, and the money sunk has already been recouped. Right now I’m hosting four sites, two of which are paid for. All of them are WordPress sites.

I’ve made lots of mistakes, including what could have been a really embarrassing failure.

He who installs WordPress in a directory different from that in which it will ultimately reside courts disaster, and rubs buttocks with the whirlwind. - Peter Dickson

It’s not easy to move a WordPress install. I put it in a temporary location, and then bought the domain after and tried to switch it by adding that domain to an existing subdomain, and cPanel wouldn’t do it. I backed up everything in public html, deleted the subdomain, and put it back up with the add-on domain pointing to the original public html folder associated with the subdomain. At this point, I could direct people to the site using the correct URL, but once you navigated away from the home page the page titles and the tabs in the browser reflected the old names and not the new. I now know this was because of internal links in the database.

I then thought I’d uninstall WordPress and then put it back up with FTP (not sure why I thought that was a good idea) and of course this DELETED THE DATABASE and when the site was back up nothing worked. I stayed up all night redoing the site from scratch. Fortunately it was small enough that this was doable, and the end product was actually better than before.

It’s a very amateur mistake, and a really stupid one that I WILL NOT MAKE AGAIN EVER.

I now know there are scripts; you can do search and replace on certain tables of the database, or, more importantly, you can spend $11 on the domain you/the client actually wants and get it set up first so you don’t have to move a WordPress site unnecessarily.

And of course if I ever do have to do this again, I will back up the database and go slower, but hopefully I don’t have to do this for quite a while, or ever maybe. The site is up now, it is beautiful. Not perfect, but pretty good for a simple ecommerce site, especially if you want a chicken plucker that is under $50, fits into a standard drill, and is American-made.

Anyway, it’s been a trip and I am tired now. But if you’re here: welcome! I hope you find something here that interests you!