Blogs Eye

Wikimedia hitting my sites

I have some plugins that are not only blocking spammers but collecting their IP address so I can create lists of spammers. I use this in my htaccess file.

Recently the plugin reported that WikMedia was scanning my site, probably without a proper request header. It was banned. I don’t think that WikiMedia is a spammer, but why are they scanning my site? I would not expect them to have any reason for accessing my web pages.

Keith


Stop Spammers Version 6.00

The website is now running under Stop Spammers v6.00 plugin. It is 90% done, but is still throwing errors. I will try to fix all the errors as they come up.

The plugin admin page summary is not done yet and there are no working options in the log. Lots of little stuff in the admin options to fix up.

I am stuck on Amazon AWS. It is a white list option and a block option, but they are the same thing. You can check off that access by Amazon cloud servers are allowed, because they sometimes provide useful services. You can also check off that they are denied because so many spammers use the free AWS coupons to run a spam server for a few hours until Amazon shuts them down. The first option trumps the second, but I have to keep them as two separate, but duplicate checks.

I have to integrate Akismet.

I have not put in the “right now” options on the admin page and I have not written the ajax stuff to report spammers.

I have not tested MU networked blogs at all and I am pretty sure they won’t work, so I am miles away from being done.

For now, you can’t download it, but I will be making it available as soon as it is stable.


Cloud Services

I run DropBox, OneDrive, Copy, Google Drive and Cubby on my machine. I guess I am a sucker for cloud storage.

I use DropBox to store my SVN plugin archives. I use OneDrive to store my stories and fiction works in progress. I use Google drive for documents and to host a few static sites. I forgot that I even had Copy. It has a backup (from last April) of my websites.

My favorite was Cubby because it allowed me to sync folders located all around my disk. I synced the folders that I use for Stop Spammer work. Recently, though Cubby stopped syncing. I found that it was storing deleted files and versions of old files and it blew through the 6 gigs that I had. Clearing out the old stuff got me back to 4 gig free. The failure, however, was silent and I went a few days cursing the fact that I lost changes. I thought Cubby was having errors or else the software was not working at all.

This week I installed OwnCloud.org on a subdomain on my hosting service. It was an item in “Softaculous”. The installation was entering the subdomain name and clicking OK. I then installed the desktop client and after a few false starts was able to backup my stop spammers development folders. It is now installed at my day job, here in my home office machine and my laptop. If I edit a file in one place, it shows up on the other machines automatically so I don’t have to keep track of changes. I like it.

OwnCloud is slower than the other services because it runs under PHP on my host server. It uses resources on the host server where I am limited by the number of PHP hits that I am allowed each month. I will have to keep my eye on it. I want to control the frequency of its server checks and maybe not check at all during the night. I will investigate this.

Now, what I would really like, is the ability to configure OwnCloud so that I can sync the www_root folder on my servers and then when I make a change here it will instantly appear on the website. This sounds like a good way to break a website, but it is also a simple way to update static sites.

I will check to see if anyone has a OwnCloud plugin for WordPress that does this for the dynamic sites. I thought about it and it seems very complicated. Perhaps I could write something to sync settings, users and posts as well as physical files.


PSI Net

I received a message from someone who wanted access to my site and was blocked. I traced his IP to PSI net and removed the block. The person got the latest version of the plugin and thanked me.

20 minutes later, I had a login attempt that was blocked. It was a PSI net IP, not the one that had requested access.

PSI is a commercial internet provider. It provides network access to companies. It is obviously non too careful about allowing servers that run dictionary attacks on websites. PSI is blocked for good, now.


Danger of keeping zip files on server

RAR files are compressed files, often used by hackers or pirates, in place of a zip file. Zip files are a convenient way to back up a website. It is possible to back up a website to a zip file using CPANEL’s file manager. I had, until a few minutes ago, several zip files on my host from when I changed hosts. These files contained all the details of site. They included the database password as part of the configuration of WordPress.

I was just hit by robot scanning several sites for a variety of RAR and ZIP files. I think they were trying to find an archive of one of my sites.

These are some of the files that were scanned for. Fortunately I did not have any of these lying around.

/2013.rar, /old.rar, /news.rar, /beifen.rar, /2.rar, /3.rar, /htdocs.rar, /ag.rar, /uploads.rar, /11.rar, /db.rar, /1.rar, /www2.rar, /com.rar, /ceshi.rar, /wwwroot.rar, /webcom.rar, /web.rar, /shujuku.rar, /www.rar, /flashfxp.rar, /\xcd\xf8\xd5\xbe.rar, /wwwroot.zip, /webcom.zip, /htdocs.zip, /111.rar

I am adding some of these to my WP Protection program. I can’t block any access of just any zip or rar because there are legitimate reasons for letting users download them. Anyone who scans for one of the files above and doesn’t find it will be added to the htaccess deny list.


New White List

I added Deutsche Telekom and Kabel Deutschland to my white list and I am waiting to see if I get spam from these ip blocks. I had them black listed for a while, but I received a couple of reports from residential customers not making it through. If I start getting lots of spam I will turn them off again.

I am white listing Amazon AWS because the blacklist was stopping some important web services that I use. I am going to turn the block back on and white list individual IP addresses again. AWS lets spammers mount an instance and start spamming for free. They shut them down right away, but in the mean time I get a few hundred spammers or hack attacks. Until they start requiring a credit card I can’t let AWS into my site.

The most troubling white list was Tiscali Italia. I put them on the white list and got a huge spam hit. I think that Tiscali Italia does not keep ahead of the game as far as zombie computers on their network.

I think that I am going to start tracking individual IPs on white listed networks. If I get a confirmed spam I will block just the IP and keep on white listing the block. This will mean managing a growing list of single IP addresses, and perhaps timing them out after a few weeks. Blocking a range is so much easier. This requires a bit of coding and I probably won’t get to it right away, but it is something that needs to be done.

As far as Tiscali Italia goes. I am watching it and will probably black list it again. My Italian customers will have to use other sites to get what they need.

I am also considering making a static subdomain for each of my domains so that blocked users can view the data, but not have access to the php files.


Stopping Cloudflare SSL

I implemented the CloudFlare flexible SSL and installed the CloudFlare SSL plugin on JT30.com and all of the pages correctly redirected to HTTPS. This was supposed to be a good thing. I did it because I was supposed to get an SEO bump from Google.

The actual result that the Google search query results according to Google Webmaster Tools dropped to practically nothing starting the day that I changed to SSL. Google stopped sending me traffic as soon as I turned on the CloudFlare flexible SSL.

Today I turned it off (which is pain because WordPress likes to go into an endless redirection loop). I have to go into FTP to delete the CloudFlare plugin and go into PHPMyAdmin to change the site URL in the WP_OPTIONS table to HTTP from HTTPS. This is unpleasant.

I am waiting for the Mozilla SSL to come out, and I am hoping my web hosting company will let me set it up without having to pay them a fee. If they don’t, I’ll have to change hosting companies yet again.

Update:
Google referrals are starting to come back:
Here is a screen grab showing the drop around the 14th and the slow rise back after the 26th when I turned off SSL.


Down Again, Up Again

(WordPress 4.1 Beta1 has a new fancy post writing interface that is very annoying. Things keep popping up or disappearing. I’ll have to get used to it.)

I woke up this morning to 500 errors on all my sites. The new software intercepted another toxic code insertion attempt and logged it. It scrambled the end of my htaccess file. I am going to stop listing the reasons for blocked code in my htaccess. I thought that I put a nice filter on the reason codes, but for some reason it did not work.

The good news is that the malware detection code for the new plugin stopped a really noxious attack on my site. I think that I might make this a standalone plugin and release it to the WordPress repository and I might stop some site hacking.

I an thinking about checking file uploads, too. I could then check for nastiness in uploaded files before the upload is processed.


SSL and Spam

I have configured my site JT30.COM to use HTTPS. I used my CloudFlare account. My hosting company charges $200 to configure SSL on my site, so the free CloudFlare account is for me.

I am configuring SSL to 1) see how it interacts with my spam software, and 2) improve my website’s page rank with Google who now gives extra points for SSL.

The setup went easy. I configured on CloudFlare. CloudFlare told me that I had to change my DNS so I did it. Luckily I had not actually visited the JT30.COM site today, so I did not have to worry about cached DNS. Sometimes you have to wait a few hours for DNS to refresh.

After I finished configuring CloudFlare I pinged the site and it showed that CloudFlare was working. I went to the site and it was still there. I tried HTTPS://www.jt30.com and it was not working correctly. The web page showed http: resources such as CSS files that were not loading on the https: site.

I tried changing the WordPress settings to HTTPS for the site address and hung up immediately with a redirect loop error.

I had to log into PHPMyAdmin through the host panel and manually fix the wp-options table to get it back to http.

I then tried the CloudFlare SSL plugin. After installing it I tried https: and it worked. I then changed the site URL to https and that worked.

So it only took about 10 minutes to switch over and the only minor hiccup was WordPress trying to do endless redirects when I turned on https. The plugin stopped that right away.

The secure icon has an exclamation point because there is no Site Information configured. I assume this is a CloudFlare issue so I have to research that.

Now I will monitor the traffic and see it it improves as Google finds out that I did this.

I will watch the spam statistics and see if I get any errors from JT30.com.

If I go a week without major crashes, I will start switching over other sites to HTTPS.


AudioCD.com

Back in 1998 I registered AudioCD.com. In those days Network Solutions was the only way to register a domain and Internic.net allowed me to search for domain names. I found some dictionary databases and lists of common English phrases and ran millions of checks against the whois database looking for good domain names. NetSol shut me down after about a month where I was hitting them at 40,000 request an hour. I discovered lots of good names. In those days there were even a few two character names still available. I remember that I could have registered several cool two digit domains with a dash in them like “-0″ or “Z-” and I should have. Who knew?

I found AudioCD which seemed to me to be a money maker, and I bought the domain for $40. In those days you needed a DNS to buy a domain so I used my companies DNS. I’ve sat on the domain since, hoping to one day sell it.

I waited too long. The world has moved beyond Audio CDs and is now digital. You can still buy CDs as some stores, but nobody does.

I have decided to keep the domain for one more year (cost about $13) in the hopes that I can think of something good to do with it.

I have a few other domains that I am letting slide. GThread.com will expire next month and some more early next year. I am letting go my Baseball “Magic Number” sites because Facebook has made them obsolete. These site don’t pay for themselves, although at one time I made lots of money on them.

I own KPGraham.com and KeithGraham.com and I think I should drop these, too. I don’t need a vanity site for my resume anymore. I don’t sell myself.

I have 40 domains I intend to bring that down to 25 by this time next year. In the mean time I am going to put some of them up on an auction site to see how they do.


Login Forum