WordPress is under attack! Watch it! Password Protect it!

What? What do you mean? There’s already a password. Yes, you need to log in when you want to put up a new blog post or do maintenance of some sort. However, that doesn’t mean that you can’t have an additional layer of protection. Not only can you have it, WordPress actually recommends it here: https://codex.wordpress.org/Brute_Force_Attacks

I looked in my nginx access log and I saw a bunch of messages that looked like this:

95.219.148.136 - - [16/Nov/2017:06:34:33 -0800] "GET /wp-login.php HTTP/1.1" 402 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
95.219.148.136 - - [16/Nov/2017:06:34:34 -0800] "GET / HTTP/1.1" 200 21587 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
202.152.71.21 - - [16/Nov/2017:06:40:48 -0800] "GET /wp-login.php HTTP/1.1" 402 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
202.152.71.21 - - [16/Nov/2017:06:40:49 -0800] "GET / HTTP/1.1" 200 21589 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
177.221.4.36 - - [16/Nov/2017:06:55:42 -0800] "GET /wp-login.php HTTP/1.1" 402 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
177.221.4.36 - - [16/Nov/2017:06:55:42 -0800] "GET / HTTP/1.1" 200 21589 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

After doing some investigation, it appeared to be Sathurbot attacking my blog site. It’s some sort of distributed malware that attacks poorly maintained blogs or blogs with weak passwords. The malware tries to attack the wp-login and something else. You can read more about it here: https://www.welivesecurity.com/2017/04/06/sathurbot-distributed-wordpress-password-attack/.

The first thing I did to counter this issue was set Cloudflare to Under Attack mode. This gives the client a short delay when connecting to your site so that it can’t get to the file. This should stop the entries in the log completely, immediately. Since I don’t want users to see the delay all of the time, I decided, after the attacks slowed, to have nginx password protect the file so that when a client requests it, nginx will ask for a password as well. This way, you’ll need to authenticate twice to get into WordPress, but it’s okay. The extra trouble gives me peace of mind that I’m less likely to be attacked.

With nginx, I did it this way:

location ^~ /wp-login.php {
 auth_basic "Administrator Login";
 auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
 include fastcgi.conf;
 fastcgi_intercept_errors on;
 fastcgi_pass php-wphandler;
 fastcgi_buffers 16 16k;
 fastcgi_buffer_size 32k;
}

The .htpasswd file stores each username with a hashed password. You can create it with the htpasswd command that comes with the apache2-utils package. The file would look something like this:

alton:[email protected]$SDFapr1$yDoxiXVW$aFe

Now in my logs, I get 401 messages instead of 402 messages.

172.68.242.50 - - [29/Nov/2017:09:36:50 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "134.196.23.66"
172.68.246.96 - - [29/Nov/2017:09:45:48 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "193.93.187.11"
162.158.91.51 - - [29/Nov/2017:09:49:22 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "93.172.55.76"
141.101.77.120 - - [29/Nov/2017:10:08:03 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "41.100.125.248"

I also know that they’re less likely to hack my site. 🙂
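An added example, not from the original post: a short Python script that reads access-log lines in both formats shown above (with and without the trailing forwarded-address field) and flags a User-Agent shared by many clients that each touch /wp-login.php only once or twice, which is the pattern in these logs. The sample lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (documentation-range addresses). The two proxied lines carry
# the extra trailing field that appears once a proxy sits in front of nginx.
UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
SAMPLE_LOG = [
    f'198.51.100.7 - - [16/Nov/2017:06:34:33 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "{UA}"',
    f'198.51.100.7 - - [16/Nov/2017:06:34:34 -0800] "GET / HTTP/1.1" 200 21587 "-" "{UA}"',
    f'203.0.113.5 - - [16/Nov/2017:06:40:48 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "{UA}"',
    f'192.0.2.200 - - [29/Nov/2017:09:36:50 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "{UA}" "192.0.2.10"',
    f'192.0.2.201 - - [29/Nov/2017:09:45:48 -0800] "GET /wp-login.php HTTP/1.1" 401 195 "-" "{UA}" "203.0.113.77"',
    '192.0.2.50 - admin [29/Nov/2017:10:00:00 -0800] "POST /wp-login.php HTTP/1.1" 302 0 "-" "ExampleBrowser/1.0"',
]

LINE_RE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"(?: "(?P<forwarded>[^"]*)")?'
)

def login_probes(lines, path="/wp-login.php"):
    """Yield (client, status, agent) for every request to the login page."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["path"].split("?")[0] != path:
            continue
        # Behind a proxy the peer address is the proxy itself, so prefer the
        # forwarded address when the trailing field is present.
        fwd = m["forwarded"]
        client = fwd.split(",")[0].strip() if fwd and fwd != "-" else m["peer"]
        yield client, int(m["status"]), m["agent"]

def distributed_campaigns(lines, min_clients=3, max_hits_per_client=2):
    """Map each User-Agent to the low-volume clients sharing it, if there are many."""
    hits = defaultdict(lambda: defaultdict(int))
    for client, _status, agent in login_probes(lines):
        hits[agent][client] += 1
    report = {}
    for agent, per_client in hits.items():
        quiet = sorted(c for c, n in per_client.items() if n <= max_hits_per_client)
        if len(quiet) >= min_clients:
            report[agent] = quiet
    return report

if __name__ == "__main__":
    for agent, clients in distributed_campaigns(SAMPLE_LOG).items():
        print(f"{len(clients)} clients share one agent on wp-login.php: {clients}")
```

The trailing field is only trustworthy when the proxy in front of nginx sets it; a client connecting directly can put anything there.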

Happy blogging!

Read this before changing the iPhone screen yourself to save $50 or more.

Don’t be afraid to change your cracked iPhone screen yourself. Here are some caveats before you do.

You can get the screen for pretty cheap. Just about $20. What you do NOT want is to get just the glass. Replacing just the glass is way more difficult. The LCD and the touch digitizer are glued onto the glass, so removing those pieces and gluing them back onto the new one is extremely difficult and not worth the $10 in savings.

Don’t freak out if your new screen and old one don’t look exactly alike. The left is my phone. The right is the screen replacement. There’s a piece of rubber that needs to be removed. They’re the same screen.

Consider getting a magnetic mat. I didn’t have one when I replaced mine, but I can see the value. A couple of alternatives are to create your own place for your screws, like using some double-sided tape on the table, or packing tape, upside down, so that you can stick your screws to it. I used a white bowl, where I put a magnet inside. I have a little spinning toy that’s stuck to my fridge that I took off. I used the different spaces at the edge of the toy as a divider and put the screws in order so that I would put them back in the same order. Here’s a picture:

Consider getting some spare screws. They are very easy to lose. They only cost about $2.

You might need another metal shield plate. I broke mine. The ribbon is glued onto the glass screen and I just yanked it off with the tweezers. Be careful and you might not need it, but know that if you do break it, it’s only $4. I’ve circled where I broke it.

Lastly, just be careful when taking your phone apart and putting it back together. It could take from 15 minutes to an hour.

Here’s a nice video that shows the process:

Here’s a guide from iFixit that shows you how to do the replacement step by step: https://www.ifixit.com/Guide/iPhone+6+Plus+Display+Assembly+Replacement/30265

Good luck!

3 Steps to shop for the best deals and get the maximum amount of points online!

While shopping this holiday season, don’t leave travel points or rebates on the table! A lot of people, myself included, often will just go straight to Amazon or eBay for certain things without even thinking about shopping around for the best deal or what rewards they can get for a purchase. I must admit that I’ve bought things countless times off of those sites either going directly or using a link off of a deal site.

Shopping online is almost always better than shopping at a brick and mortar. It’s almost always cheaper at least. One thing about shopping online though is that you can’t touch the product, smell it, etc. That said, you can always use the store as a showroom – go to a store and do that and then order online.

Decide what you want to buy: If you’re just looking for a deal and not looking for something specific, some of my favorite deal sites are: slickdeals.net, bensbargains.com, deals2buy.com, spoofee.com, and fatwallet.com. When you’re looking for something specific, you should search the forums on slickdeals.net to see what others say as well.

At the point where you’ve decided on what you’re going to buy, do NOT just add to cart and buy. That won’t give you all the discounts or points you want.

Use Gift cards: First off, do you have any gift cards? If not, would it be worthwhile to buy one and get some points off of it? The best way to acquire gift cards is by seeing if there’s one you can get at a significant discount. A couple of ways to do this is via eBay or Gift Card Granny. Another one of my favorite ways to acquire gift cards is at 5% off. When the Chase Freedom card has 5x points on stores that sell gift cards, that’s when I go out and buy them. I bought a few thousand dollars worth of gift cards at Safeway the last quarter they had 5x points on grocery stores. That’s about 5% off right there. Another way I like to acquire gift cards is through Mileage Plus X. With it, you can get one or more United Airline miles for every dollar you spend on a gift card. I have learned whenever going to a chain store to check the app to see if I can buy a gift card for use.

Use shopping portals: When you’ve decided for certain what you’re buying and which store you’re buying from, if you’re buying online, you want to see if the store can be accessed via a shopping portal for additional rewards. The site I like to use is evreward.com. It’s generally up to date, but sometimes, other shopping portals can run special promotions that you might not want to miss. Also factor in bonuses. Sometimes, the shopping portals can run bonuses so you might want to buy from the same one, like if you spend X amount of $ using the portal, they can give you Y amount of points. The various shopping portals can give you points from a plethora of different loyalty programs, including cash back. Here are some of my favorites: Ebates.com for cash back, American Airlines AAdvantage eShopping for AA miles – they’re generally more than United miles. There are other shopping portals, but those are my favorites. It just depends on which airlines you like to fly, hotels you like to stay at, or if you would just prefer cash.

Buy with the credit card that gives you rewards. Lastly, use the credit card that gives you the rewards you want. This could be the Target card that gives you 5% off, your favorite airline card or your favorite cash back card. Just remember that when you spend cash, you lose cash.

So, here are some examples:

Last year, on Black Friday, I foolishly went into Target and bought an iPad. It was a great deal. I think it was $400 for a 64 or 128gb. I tried my Target card, but forgot the pin. I didn’t want to get back into line again, so I just bought it with my regular card that probably gave me 1% back. That’s only about $4. Had I been able to use the Target card, I would’ve gotten about $20. That’s a significant difference, but had I bought online, where I didn’t need to even leave the house, I could’ve used the AA portal, at the time that was giving 3 points per dollar, and gotten my 5% + about 1200 AA points. 1200 AA miles is a mid distance flight! There aren’t too many discounts for Target gift cards, so I’m going to leave that to another example.

I was in need of a laser printer and for some reason, after perusing deal sites, I decided on a Dell. There weren’t a ton of deals at the time, but then I decided to use gift card granny, that sent me to buy a gift card from Raise.com. The printer cost about $100, 108 with tax. I paid $96 for the gift card, giving me $4 off. The credit card I used to buy the card gave me 2% cash back, so I took another $2 back on top of that. I again used the AA portal to give me 3 AA miles per dollar and got just over 300 points.

There’s a local banya that I like to visit for hot tubbing and sauna. The typical entrance fee is about $50 for a 1/2 day. The place also sells a Groupon for about the same price for a full day. I never go for more than a 1/2 day anyway. Why would I buy a Groupon when there’s an expiration date and it’s no cheaper than going direct? Again, gift cards and shopping portal. I don’t remember what % off I got from Gift card granny. I might have bought it from Safeway @ 5% off. Then I took 3 AA miles/dollar @ the AA shopping portal. I’ve had up to 10 miles/dollar for Groupon via the United portal.

My last example is an interesting one. Capital One gives you a credit card number instantly after you’re approved when signing up for a new card. For this reason, I was able to use it immediately and knock out about $500 of spend before I even received my credit card in the mail. I keep a list of all of the automatic payments I made and when I get a new credit card number, I change them all immediately. I did this immediately after I applied and was approved for the Capital One Spark card. I then put the number into Mileage Plus X and went to the mall. There, we ate at Red Robin, Cold Stone Creamery, bought gifts at Hollister and Bed Bath and Beyond. For all of those things, I bought gift cards with the Mileage Plus X card. Spent all this money without even getting the credit card yet.

Happy Spending! Hope this read saves you some money! 🙂

Please share any of your tips down below. 🙂

 

Remember to upgrade Virtualbox Guest Additions when you upgrade Virtualbox!

If you’re wondering why you might not be getting access to your shared folders in your guest OS after upgrading Virtualbox, this could be the reason. Virtualbox Guest Additions (like VMware tools for Virtualbox) might need to be upgraded as well.

You can expect a system error 53, network path not found, if the Guest Additions is not installed. When in the UI, it will say something like this: “Windows cannot access \\vboxsvr error code: 0x80070035 The network path was not found.”

Hope this helps!

Making Bob’s Red mill pancakes palatable

I normally love Bob’s red mill products. I enjoy their organic soy beans, organic oatmeal, flax seeds, beans, you name it. That said, their multigrain pancake and waffle mix is just plain disgusting. I’ve followed their instructions on the package and it just comes out gross. Both, the pancakes and the waffles.

If you got some, however, please don’t throw them out. Here’s how to make them taste better. I was watching an episode of Diner Revival where Amanda Freitag showed someone how to make a gluten free pancake and used a banana. That inspired me to give it a shot and it worked well! When following instructions, add a banana to the mix before putting them in the blender.

It’ll add just the texture you want. They’ll taste almost like regular pancakes. Of course, add maple syrup or honey to your liking. 🙂

Dropbox, OwnCloud? OneDrive? Which one? or all of them?

Drew Houston did the world a favor when he found USB sticks becoming inconvenient and founded Dropbox in 2007. Everybody I knew that started using it loved it, especially for collaboration on projects. Another use case that I loved it for was backup. I use it now so that I have a copy of my data elsewhere in case my laptop or whatever I’m using blows up. After seeing Dropbox gaining traction, many other companies followed suit, including Google Drive, Microsoft, and Box. The ones I use are Dropbox, Microsoft OneDrive because it comes with my Office 365 account with work, and OwnCloud.

What’s OwnCloud? It’s an open source version. It’s one that allows you to keep all of your data in the datacenter or wherever you choose to host it, instead of on someone else’s cloud. It could even be on-premise.

Do you need to choose between the different vendors? Well, there is a way to use them or at least some of them simultaneously. The way I do it is have OwnCloud synced with my Documents folder. All of my work that I want to save is always written there. Inside of the Documents folder, I’ll have one folder for Dropbox and another for OneDrive. This way, OwnCloud backs up everything I have in both, Dropbox and OneDrive. I then keep everything that’s personal in Dropbox and everything that I want to share at work on OneDrive.

Hope this helps someone out there! 🙂

 

Caveats of using a privacy screen

I love my privacy screen on my laptop. I can work with a little more security, thinking that it’s less likely that someone is watching what I’m doing. That said, there are some trade-offs. One of them is if you want to collaborate with someone, it’s harder for them to see your screen. You’ll need to be sitting directly in front of the screen, so both people will need to be sitting pretty close to each other. On a phone, the same issues apply. Except often, people like to make videos or take photos, and if you’re taking photos, for example if you have to raise your arm up and try to snap a photo of something down below, like if you’re at a ball game, or if you want to take a selfie, it will be more difficult. It’s more likely that you won’t even see yourself or see what you’re filming or taking a photo of. On top of this, other issues include that if you’re watching high definition movies, you lose a little bit of picture. It does not look as good as if you were watching without the privacy filter. And also, you will need to adjust the brightness of your screen. On the phone, this causes another big problem. The battery does not last as long and the phone gets hot very quickly. All that said, I still prefer my privacy and I will continue to use my privacy screens on both my laptop and my phone. I just need to remove it when working with others or if I’m in the sun or driving.