Frugalhoney.com Attacked Part III – Moved It To Blogspot

UPDATE on Jill’s blog. To recap, Jill’s Personal finance blog https://frugalhoney.com was suffering a denial of service (DOS) brought about by a Brute Force attack. A brute force attack is when the website is made so busy trying to serve pages that it essentially hangs.

After I backed up the site and made it run on my laptop I went to work. Brute force can be done in multiple ways and slowly I started to fix issue after issue. I was careful not to overdo it because I wanted to know exactly how the site was being attacked via trial and error. First I started to protect Wordpress essential files and placed captchas. When that didn’t work I stopped wp-cron.php. When that didn’t work I installed a high end plugin that hid system pages even more and stopped certain procedures altogether that were not essential. After that I finally cloudflared my DNS to block and document attacks. I was working with my US host to fix the issue and overall we traded close to 30 emails.

Continue reading “Frugalhoney.com Attacked Part III – Moved It To Blogspot”

Frugalhoney.com Attacked Part II

So i’ve confirmed that Jill’s site https://frugalhoney.com is going through a brute-force attack. A brute force attack is software that does two things. 1. keep trying to guess a password and 2. tie up the login page of the website disallowing anything else. Think of yourself as a bad guy and you do not want people to call the police. While you cannot destroy the phone system you can instead keep calling the police’s phone so when anyone tries to call them they keep getting a busy signal effectively disabling it.

Continue reading “Frugalhoney.com Attacked Part II”

Frugalhoney.com Attacked

So jill’s Personal Finance website https://frugalhoney.com may or may not have been hacked. I say ‘may have been’ because Server logs showed classic hack signs such as brute-forcing wp-login.php and wp-admin.php, the key wordpress files to try and access the dashboard.

For a site that gets only less than 200 visits a day that’s suspicious. Most random type hacks try to access every possible file but in this case it seemed very specific.

Continue reading “Frugalhoney.com Attacked”

How To Avoid Showing Girls In Bikinis On Your Presentation

How To Avoid Showing Girls In Bikinis On Your Presentation

Whether you are using Windows or a Apple computer, there’s a feature called Accounts. Accounts allow you to set up your computer so that another person can use it. That other person will have his own Desktop, his own wallpaper, his own Documents etc. as if it was his own computer, all protected by a different password than the main account.
Continue reading “How To Avoid Showing Girls In Bikinis On Your Presentation”

Drupal 8 Tip: How To Patch A Module Via Composer

In my case I was using the Entity Auto Term module, which issued a patch fixing a known issue. The patch i’m trying to apply is https://www.drupal.org/files/issues/2018-09-28/no-duplicate-terms-2945343-5.patch and part of it looks like this:

To apply it, you have to edit your composer.json located at your website root, pictured here via Filezilla FTP:

I right click view/edit to edit it in Notepad++ here:

I will need to add the red part below. You will most likely have the green part already present, so just edit the red “patches” section to fit your needs.

"extra": {

"installer-paths": {


"web/core": ["type:drupal-core"],


"web/libraries/{$name}": ["type:drupal-library"],


"web/modules/contrib/{$name}": ["type:drupal-module"],


"web/profiles/contrib/{$name}": ["type:drupal-profile"],


"web/themes/contrib/{$name}": ["type:drupal-theme"],


"drush/contrib/{$name}": ["type:drupal-drush"]


},

"patches": {

"drupal/eat": {


"Drupal EAT fix duplicate terms": "https://www.drupal.org/files/issues/2018-09-28/no-duplicate-terms-2945343-5.patch"


}


}


}

Next run Composer Update, and the output should look like this:

That’s it you should be all set.

My Idea for LGUs: Online Village Sticker Administration

Every year small to large villages called barangays, villages or LGUs (Local Government Units) all over the Philippines issue annually renewed stickers to the public allowing entry into their villages. Tenants pay a regular fee while non – tenants are charged more for the privilege, a common practice for villages used as shortcuts for drivers to skip traffic or are home to schools or offices that non tenants need to visit.

Annual renewal is an arduous process especially for larger villages and the process is akin to car registration renewal – yet another one of the many annoying things car owners have to go through. I always thought IT could help so here’s a web based facility that may automate the process:

Sign Up and fill up a Profile

Here is the sign up process:

  1. Tenant or Not?
  2. Business or Individual?
  3. Full name / Company / Organization Name
  4. Date of Birth
  5. Address
  6. Gender
  7. Mobile / Telephone Number
  8. Government ID (Driver’s License, Passport, etc.); or DTI / Mayor’s Permit

Continue reading “My Idea for LGUs: Online Village Sticker Administration”

Government IT Idea: Centralized Document Clearing House

After a few years working at different government agencies I’ve come up with a few ideas. Some I thought of myself, many from discussion with consultants like myself, some seen from abroad, etc. I’ll be writing at least one per week, starting with this one:

Idea: Centralized Document Clearing House

THE PROBLEM:

Government agencies send hardcopy letters, memos, invitations, official papers and all sorts of documents to each other all the time. The potential for fraud is medium to high especially for example when LGUs write to ask support from government agencies and Congressmen or Senators for regional projects ie. bridges, buildings, medical facilities and all sorts of infrastructure. Continue reading “Government IT Idea: Centralized Document Clearing House”

‘Jargon – Free Contract’ Boils Down What An Agreement Really Is

I like this ‘jargon free contract‘ I saw recently from Boingboing.net, which I copy here:

You give me money, I’ll give you creative.
I’ll start when the check clears.
Time is money. More time is more money.
I’ll listen to you. You listen to me.
You tell me what you want, I’ll tell you what you need.
You want me to be on time, I want you to be on time.
What you use is yours, what you don’t is mine.
I can’t give you stuff I don’t own.
I’ll try not to be an ass, you should do the same.
If you want something that’s been done before, use that.
PRO BONO
If you want your way, you have to pay.
If you don’t pay, I have final say.
Let’s create something great together.

It’s enjoyable because for the most part this boils down my own experiences as a Consultant and Freelancer and more importantly how it relates to expectations while executing work.

Continue reading “‘Jargon – Free Contract’ Boils Down What An Agreement Really Is”