Category: Tech

Dual IP Comment Spammers with Canadian Content

We Canadians are always overshadowed by the 10 larger in population US. If at all possible I like to highlight our accomplishments, or in this case, sophisticated comment spamming from Canada. Bad, Canada.

Comment spammers on my site usually use a single IP to first read the post, determine if they can submit spam, then submit the spam comment. This shows up in my Akismet spam comments. They are simple to identify and ban.

This is a preview of Dual IP Comment Spammers with Canadian Content. Read the full post (244 words, 0 images, estimated 59 secs reading time)

Brute Force Login Attack: 2017 Jan 23

It is always good to see international cooperation amongst different nations in this great world. However, when China, India and Russia cooperate to try to break into my site, forgive me when I get a little upset. While I usually file complaints to internet host providers, in this case the complaint would fall on deaf ears: hosts in China, India and Russia ignore abuse emails. Then most hosts from all over the world ignore abuse emails.

Number of login attempts: 417
All the user agent names are the same: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0

This is a preview of Brute Force Login Attack: 2017 Jan 23. Read the full post (2247 words, 0 images, estimated 8:59 mins reading time)

Understanding CloudLinux Statistics

I have moved host providers, and my new provider uses CloudLinux.

CloudLinux uses a container technology called Lightweight Virtual Environment, or LVE. This container technology allows many users to co-locate on the same server. Each tenant is limited to specific resources and cannot exceed them and thus, negatively influence the other tenants.

Physical Memory Usage (RAM) is a combination of physical memory and disk cache. When physical memory usage is close to max CloudLinux will dump its disk cache to free up space. If physical memory usage is still maxing, users will experience PHP error 500 and 503s.

This is a preview of Understanding CloudLinux Statistics. Read the full post (151 words, 0 images, estimated 36 secs reading time)

New Host Provider, No IP Bans for 21 hrs

Moved, I did, from Site5, to A2. The last 21 hrs was a wet and wild ride all without the protection of my trusty .htaccess file, the one with my Ip ban list. Within that time, 21 hrs, I received a total of 33 spam comments. Usually I receive only one or two. It is clear that without protection I would be inundated by comment spam.

Of course these IPs are only the ones that comment spammed me. There are many more that use their bots to do content scraping, trying to break into my site, trick my host provider, etc. There are too many to list.

This is a preview of New Host Provider, No IP Bans for 21 hrs. Read the full post (271 words, 0 images, estimated 1:05 mins reading time)

Drupal 8: Add Captcha to Post Comments

It sounds like a very common thing to me. You post some content, you want others to comment, comments invite bots, you want a Captcha question. In D8 by default this is turned off. Unfortunately in Drupal 8 it is also not easy to find this setting.

Here is the solution, from mmerrill219:

To add Captcha to Drupal 8 Comments one must:
– Goto “admin/config/people/captcha/captcha-points”
– Click ” + Add Captcha Point” button at top of page
– Use “comment_comment_form” as Form ID

This is a preview of Drupal 8: Add Captcha to Post Comments. Read the full post (121 words, 0 images, estimated 29 secs reading time)

DomainCrawler Attack using 5 IP addresses

Domain Crawler hit my server a 500 transaction attack today, using 5 IP addresses, all from Sweden. They scraped me hard! Their user agent is “DomainCrawler/3.0 (info@domaincrawler.com; http://www.domaincrawler.com/dontai.com)”. I have banned all these IP addresses with their last octet. Good riddance.

80.248.225.142 Internetbolaget Se domaincrawler
80.248.227.107 Internetbolaget Se domaincrawler
176.74.192.36 Tralex Se domaincrawler
193.183.102.178 Internetbolaget Se domaincrawler

Permanent link to this post (58 words, 0 images, estimated 14 secs reading time)

A Plain-speak End User Agreement for Instagram

Humans being humans, shudder when confronted with long, boring end user agreements, or EUAs. I am pretty sure sites and the legal profession knowingly takes advantage of this when they write them. It is important, however, to understand the agreement, as this does affect your privacy.

Jenny Afia, a privacy lawyer and partner at Schillings law firm in London, Uk, took it upon herself to rewrite Instagram’s EUA so that preteens and teens could understand what expectations they are signing up for when using Instagram. The original interview was with the Washington Post.

This is a preview of A Plain-speak End User Agreement for Instagram. Read the full post (1098 words, 0 images, estimated 4:24 mins reading time)

Brute Force Login Attacks: 2016 Dec 20, Two Types

Why is today so special? It looks like two separate groups tried their own brute force login attacks on my site, each using a different technique. There were a total of 510 login attempts today on my site.

The first technique is to use a low number of IPs, but try numerous times. UA: “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0”

37.159.245.182 VODAFONE-IT: 51 login attempts
91.234.226.103 SIPCOM UA: 116 login attempts
183.64.62.26 CHINANET Jiangsu: 109 login attempts
223.196.88.191 Idea Cellular In: 51 logi attempts

This is a preview of Brute Force Login Attacks: 2016 Dec 20, Two Types. Read the full post (1899 words, 0 images, estimated 7:36 mins reading time)

SSH Transfers Between Servers: Summary

SSH is a unix tool you can use to facilitate secure and fast transfers between servers, or between your desktop and a server. Instead of transferring a file from server A to your PC and then from your PC to server B, you can more directly transfer files from Server A to server B.

You will need SSH credentials for both servers. These credentials include an ID, the server name, port and a password. You will need to get these from your server admin, or your ISP. Once you have these, start a terminal each and “SSH id@servername”. You will be prompted for a password. Once you login your terminal prompt will change, showing you that you’re on a different server. Keep both open. From the receiving server you can do the scp command. This seems the easiest.

This is a preview of SSH Transfers Between Servers: Summary. Read the full post (366 words, 0 images, estimated 1:28 mins reading time)

Brute Force Login Attack: 2016 Dec 19

Again, they come, but this time with individual IPs. Huh? Not so funny anymore. 18 individual IP, all timed differently.

UA: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36

103.1.173.103 [19/Dec/2016:05:57:06
103.18.5.22 [19/Dec/2016:04:57:30
139.59.1.139 [19/Dec/2016:05:47:03
144.208.66.8 [19/Dec/2016:06:26:51
162.220.58.205 [19/Dec/2016:02:47:14
173.188.123.130 [19/Dec/2016:06:24:53
185.103.197.198 [19/Dec/2016:05:00:34
189.1.168.10 [19/Dec/2016:06:09:05
198.1.91.13 [19/Dec/2016:05:06:45
200.34.204.5 [19/Dec/2016:01:26:45
201.160.106.35 [19/Dec/2016:03:27:25
216.157.108.17 [19/Dec/2016:04:17:17
31.210.61.34 [19/Dec/2016:02:58:33
37.187.240.112 [19/Dec/2016:06:34:02
64.37.49.155 [19/Dec/2016:05:33:19
71.92.251.210 [19/Dec/2016:03:28:52
92.243.29.161 [19/Dec/2016:06:24:52
96.30.62.52 [19/Dec/2016:04:44:31

96.30.62.52

Permanent link to this post (71 words, 0 images, estimated 17 secs reading time)