Hack Attack 2014!


So, per a previous blog post on security, this is why you don’t use an obvious username. If you look at the number of emails in my inbox, there are 316. There were actually over 400. The night before, there were 18. Each email represents 4 attempts to force break one of the sites I host, so that’s around 1600 attempts to guess the password.

The site in question has a math captcha, so this really shouldn’t be happening at all. I guess someone found a way to nullify the WordPress math captcha I paid $8 for: these things happen. On the other hand: basic security does the trick here. The username they are trying to hack is the wrong one. They are basing it off of the URL: the username they are trying is the URL…

It seems they have the wrong username. I’m not going to give them any help figuring it out!

Guess what, that’s not the actual user name! So even if they somehow stumbled across the right password, they would have to have the right username and, in this case:

1. It has nothing to do with the name of the site.

2. It’s not admin, administrator, webmaster, or any conventional user name.

So, they won’t be able to hack the site this way no matter how hard they try. To summarize, use basic security precautions: a nonstandard username, a strong password, and a profile set so the name of the avatar on posts is not the same as the username. On a multi-user site, give each user only the access privileges they actually need and no more. Do these things, and all will be well even if people try to hack you (as they did here).
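The checks in that summary can be run against your own account list. The sketch below is an added example, not code from the original post: the site URL, account names, and function names are constructed for illustration, and the URL-derived candidates are an assumption about what a guesser could build from the address alone.

```python
import re
from urllib.parse import urlparse

# Conventional names the post warns against.
COMMON_NAMES = {"admin", "administrator", "webmaster"}
SITE = "https://www.example-bakery.test/"  # constructed sample site

def normalize(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def url_derived_names(site_url):
    """Usernames that can be derived from the site address alone."""
    host = (urlparse(site_url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    labels = host.split(".")
    candidates = {host}
    # Every label except the TLD, whole and split on hyphens.
    for label in labels[:-1] or labels:
        candidates.add(label)
        candidates.update(label.split("-"))
    return {normalize(c) for c in candidates} - {""}

def audit_login(site_url, username, display_name):
    """Return findings for one account; an empty list means it passes."""
    user = normalize(username)
    findings = []
    if user in COMMON_NAMES:
        findings.append("conventional username")
    if user in url_derived_names(site_url):
        findings.append("username derivable from site URL")
    if user and user == normalize(display_name):
        findings.append("display name reveals username")
    return findings

if __name__ == "__main__":
    # Constructed accounts: (login name, name shown on posts)
    accounts = [("examplebakery", "Jo"), ("Admin", "Site Owner"),
                ("quietharbor42", "Quiet Harbor 42"), ("quietharbor42", "Jo")]
    for login, shown in accounts:
        print(login, shown, audit_login(SITE, login, shown) or "ok")
```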

It was a pain to delete the 400 email notifications, but that’s part of the trade I guess, and why people get paid money to host! Other people anyway: the clients still haven’t paid. That’s ok though. I altered the site to reflect that and it makes me feel better!


Why a copy and pasted legal notice will not invalidate Facebook’s terms of service

Why is the grass green? Why is the sky blue? Why are we unwilling to take the time to determine what is true?


Today, on December 2, 2014, I went and actually read Facebook’s terms of service after seeing a zillion people post privacy notices which various debunking sites, including but not limited to Snopes, say are a scam and useless.

I realized that under these terms anyone who uses Facebook gives them a royalty-free transferable worldwide license to their uploaded original content. That sounds bad, except that without that clause, it would be illegal for FB to allow other people to share your posts, or even read them. This license also ends when you delete your Facebook account or delete any given post from Facebook.

That makes such a license a reasonable, necessary, and good thing, good because without it Facebook could not exist. In order to even view someone else’s status post, you are downloading a copy of something they created. They are sending a copy of what they wrote to Facebook, which stores a digital copy, and then when you log in they send the copy to you, which you download to your computer and then open in order to see it. This is perhaps oversimplified, but in terms of copyright law that is what is happening.

Obviously, that’s not legal unless the people using Facebook agree to terms that allow this. Which they do.


Except I guess they don’t because they are posting stuff like this. But they keep using Facebook so their actions make their words meaningless.

Copying and pasting a legal notice originally written by someone else does not negate the terms of service you prove you agree to by continuing to use Facebook.

If you don’t trust Facebook to not use your content for advertising or sell it, that may or may not be a legitimate concern, but expecting a status post to change that while continuing to allow them to control your data is ridiculous.

The privacy notice is a talisman. People put on the necklace of copyright law and then go back to posting photos and updating their status and think they’re protected. It’s like garlic and vampires: both the effectiveness of the step and the reality of the threat are doubtful.

The real way around it is to not put content you care about on Facebook’s servers. Put it up on your own site, or use another service that you trust, and then link to the content on FB. Or stop using Facebook.

Or, you can just get over it. Sharing something you created requires a level of trust and a relinquishing of control. Books can be copied. Music can be stolen. Paintings can be photographed. This was true even before the internet existed.

But with the internet, you can share your work with more people, easier. If you have something you want to share with the world, this is a good thing. If you want to completely control your work, this is not, but there’s a solution: keep it to yourself and don’t let anyone else see it, ever.