UPDATE on Jill’s blog. To recap, Jill’s Personal finance blog https://frugalhoney.com was suffering a denial of service (DOS) brought about by a Brute Force attack. A brute force attack is when the website is made so busy trying to serve pages that it essentially hangs.
After I backed up the
site and made it run on my laptop I went to work. Brute force can be
done in multiple ways and slowly I started to fix issue after issue. I
was careful not to overdo it because I wanted to know exactly how the
site was being attacked via trial and error. First I started to protect
Wordpress essential files and placed captchas. When that didn’t work I
stopped wp-cron.php. When that didn’t work I installed a high end plugin
that hid system pages even more and stopped certain procedures
altogether that were not essential. After that I finally cloudflared my
DNS to block and document attacks. I was working with my US host to fix
the issue and overall we traded close to 30 emails.
Continue reading “Frugalhoney.com Attacked Part III – Moved It To Blogspot”
So i’ve confirmed that Jill’s site https://frugalhoney.com is going through a brute-force attack. A brute force attack is software that does two things. 1. keep trying to guess a password and 2. tie up the login page of the website disallowing anything else. Think of yourself as a bad guy and you do not want people to call the police. While you cannot destroy the phone system you can instead keep calling the police’s phone so when anyone tries to call them they keep getting a busy signal effectively disabling it.
Continue reading “Frugalhoney.com Attacked Part II”
So jill’s Personal Finance website https://frugalhoney.com may or may not have been hacked. I say ‘may have been’ because Server logs showed classic hack signs such as brute-forcing wp-login.php and wp-admin.php, the key wordpress files to try and access the dashboard.
a site that gets only less than 200 visits a day that’s suspicious.
Most random type hacks try to access every possible file but in this
case it seemed very specific.
Continue reading “Frugalhoney.com Attacked”
So as a government consultant I am subscribed to the Philippine Government Electronic Procurement System (PhilGeps), and I get an email whenever the keyword ‘consultant’ pops up on any requirement. A few days ago I was quite surprised when I got this:
Continue reading “SSS Assessment & Vulnerability Testing A National Security Milestone AFAIC”
There is a popular post on FB making the rounds regarding a Mr. Ian Caballero and his recent unfortunate incident with Globe Telecoms. To summarize, his postpaid Globe SIM was replaced (copied) without his authorization. The only time you would usually allow this is when you lose your SIM or it is unusable for some reason.
To make matters worse his mobile number is used as a factor for recovering passwords to his email accounts which he in turn uses to do his banking with. These were quickly taken advantage of as he received a notice from his bank that a fund transfer occurred sending money from his account to another bank for P48,000.00.
Suffice to say, Mr. Caballero was having a really really REALLY bad day.
Continue reading “The ‘SMS As A Recovery Option For Any Of Your Online Accounts Is A Bad Idea’ Viral Post”
Yesterday I received this email supposedly from Godaddy, a domain registrar I occasionally use.It says ‘Your account contains more than 3259 directories and may pose a potential performance risk to the server. Please reduce the number of directories for your account to prevent possible account deactivation’.
It is followed by a convenient link to where I should login and fix the issue.
Continue reading “How To Detect A Phish”
To say that the Heartbleed issue has shaken me up is an understatement. It is in fact so serious so as to make me start questioning the open source model of trust and distribution per se even if I have been a great believer since I’ve learned of it – but that is a topic for another post.
Today I just wanted to share Readwrite.com’s excellent post about Heartbleed, where they have excellent tips such as:
Step 1: Make A List Of Important Sites And Accounts
Step 2: Check Which Apps or Sites Are Vulnerable To Heartbleed
Step 3: Change Your Passwords
Continue reading “RRW’s Heartbleed Defense”