Hackers suck

Recently all my hosting was shut off without warning, the host has since apologized and helped me out with tracking down the issues.

WordPress is notoriously a target for hackers, due to people not always staying up to date *cough*. Cleaning up after the fact is quite a burden.

I started finding some rogue files, edits to some of the wordpress files and a few other interesting things. It became whack-a-mole. You see a lot of small time people like me just used shared hosting. So you create an account and you can host a bunch of sites as long as you don’t blow your limits. It’s a good way to try things out for low cost, it is limiting, but good enough for most dabblers.

The reason the above is important is the hackers got through via wordpress and wormed their way through all my sites, wordpress or not, and placed these files everywhere. They would then target those placed files to launch attacks or infect other sites, etc. Heck even someone had hit the old cub scouts website (they have since updated away from wordpress) as it was a referrer that was hitting one of these files.

These attacks started back in October, I found files dated back to then. I felt like I got them all, then checked in a few days later. Bam, more! I was pretty floored. It was a lot of time and effort to navigate all the directories to find the offending files. I used the log stats the host provides to help identify areas I was missing which told me that some of these were nested multiple directories down so my plan of just looking for recently modified directories and files wasn’t enough because some directories looked unmodified until you went a few more down.

My next stop was to try using something to scan my sites myself to look for vulnerabilities. I went after it, spent a bunch of time getting my homebrew updated, getting dependencies installed then it was time for Docker. Well Docker told me to go pound sand, this 8 year old Macbook Air doesn’t have what it takes to do virtual machines. Sadface.

Since that didn’t pan out I knew there were some well known, popular and costly paid options. Keep in mind I don’t make a penny from these sites, they are mini-money pits when you account for the modest hosting cost and the domain costs. It’s a hobby for me I suppose. Anyway…I start searching high and low and try a few, balk at a bunch of others. I finally come across one that looks to fit the bill. So I install it.

So far so good, and guess what, it is freemium, so you get a good out of the box product that does quite a bit. Of course the few outstanding things they tell you you need to be really secure require an upgrade, but it looks reasonable to upgrade if desired. Giving the free version a shot for a bit.

No sooner do I install it, I let is scan, it finds more of these files that I missed, it found other modified core files in wordpress. Also, while I let it fix those things, it started blocking people right away. I was able to look at the logs and see that folks were trying to brute force their way in.

I installed it on some other sites as well, same thing, but nowhere close to the colume to attempted attacks as this gem of a unmaintained and rarely posted to blog. 🙂

Really my only casualty of all this is the Gallery I had attached. I have all the photos, but something broke, and I just don’t have the time to sort it all out and I’m not sure I care that much to do it.

Intel Edison Project

I attend GlueCon this year, and in our swag bag we were given an Intel Edison chip and mini breakout board.

I have been thinking about what I wanted to do with this thing. Sadly with the mini-breakout board you can’t even do the simple blinking led test. However, you could set up a web server to test things out, or just write some code to trigger it to do something.

Most of the ideas of what I wanted to do are turning out to be too complex, or just not realistic. I really wanted to throw RFID tags on the dogs and have a sensor that would track every time they went outside, and maybe even what the weather was like, if it was light or dark out. Etc. Unfortunately the tags and reader just don’t have enough range.

Then I wanted to be notified every time the doorbell rang, there are some examples of this out there. And frankly other than it being a data point in my life it isn’t really useful.

As I sit here typing this in my bedroom, I realize it is easily 5 or more degrees warmer up here than the lower levels of our home. We have a Nest thermostat, which has APIs. At first I will just data gather and maybe fire off something that would be the equivalent of triggering the Nest to do something to make sure I have a solid working platform.

I’ll follow up as I progress. I need to acquire some parts.

Project Electrilope – Day 3

The Clean Republic Hill Topper kit arrived, the packing of the parts was not great. However nothing appears to be damaged.

Install was pretty simple, the right side of the front fork was a little stubborn but it went into place. I ordered some quick releases and used those for the install.

Since the plan for today was a test fit and test ride I didn’t exactly take my time routing the wires, but the rear rack I recently added was perfect for the battery.

Test ride was great, I will need to work on the position of the button for engaging the motor. Our next step will be testing it on Renee’s bike to ensure she likes it as well so we can decide if we want a second.

The nice thing, is you can tell it’s enough to let you be lazy here and there if you need to be, but otherwise it really is to just assist you and that’s what we want. We still want to get the health benefits of riding, but this should help with my physical limitation.

Project Electrilope – Day 2

Headed over to Jim’s to install the new shifter/brake combos and cables. We had some delays to a crazy hail storm. However, we were able to accomplish our goal…get it done, drink some beers and catch up.

Nothing amazing to report, we had a few hiccups but shifting was super smooth. A few test rides around the block were great.

Tomorrow is the big day, the eBike kit arrives!

Here is a pic of one of the new shifter pods:

Project Electrilope – Day 1

I ordered a new shifter/brake combo kit as the original factory one was busted. Well the shifter pods were broken. I essentially had a single speed. The item I got was the Shimano ST-EF65-7R4 (7 speed rear, 4 finger lever for the brakes). It was about $43 on Amazon. Worlds slowest shipping from the seller. Received the new parts today.

My old friend Jim is going to help me with this for Day 2, well at least the replacement of these parts. I removed the old shifter pods and cables, but was unsuccessful removing my grips so the brakes are still attached. I moved on and adjusted the way out of adjustment front and rear derailleurs.

That was it for today, tomorrow we finish removing the old brake levers and cables and install the new brakes and shifters (and cables). Adjust and test it out.

Shifter/Brake lever combo