Adventures in Internet Pest Control

January 20th, 2018

Plus Guns

Today, for the second time since 2002, I had the annoying experience of having a website hacked. Someone left a stupid tag at the top of my home page. I had to drop everything and change every conceivable password, and I exported the entire content of my WordPress blog so I could republish it if the blog vanished.

I suspect there is a hole in WordPress, because my password was a huge jumble of nonsense characters which would have taken a very, very long time to guess. I’m not a computer expert, but I doubt a nerd in Turkey with a 5-year-old laptop has the ability to crack a password as long as a finger, composed of random ASCII. Maybe I’m wrong.

I contacted my hosting company, and their online chat took forever. I tried calling. The phone number took me to an outsourced security company. The guy who picked up the phone told me (this is my interpretation) that my host company’s security is worthless. He said his company would scan my site for $15 per month, which doesn’t sound bad, but then I asked the obvious question. Yes, it’s a yearly deal. So $180.

I tried the support number again, and I got a phone maze that went nowhere at all. That was surprising. Then I got the chat guy (Kumar, no lie), and after much poor communication, he finally assured me that as long as my passwords were fresh, no one but me should be able to get into my email accounts or Cpanel (if you don’t know what that is, forget it).

This killed maybe an hour.

I don’t use lame passwords for my hosted stuff. If you want to get into my business, you will have to find some other way. I assume WordPress provided it, and if that is true, the site may be hacked again, because WordPress has not updated in a while. If this happens, I will probably reinstall the site. It depends on the then-current state of security the host can provide. If I’m going to be reinstalling once per week, I will let it go. There is always Blogger.

I was concerned about my emails, but then I realized there isn’t much for hackers to steal. When you have your own server, the emails are removed as soon as you check them, so there is no giant backlog of sensitive material waiting to be stolen. Unless the host company is stupidly putting deleted emails somewhere where hackers can find them.

This scare made me think about something I expect to happen before long. Eventually, Christians and conservatives will be banned from the web. When we are not banned entirely, we will be hobbled by Nuremberg-style laws that will limit us to very basic participation, free of political and religious content. The big Internet players are not bound by the Constitution, so they will have a good legal opening when they decide to muffle us once and for all.

I assume whoever hacked me is just bored, but it could be someone who has an agenda. It’s not a Christian or a conservative. Actually, some conservatives hate me, but I’m not in the political blogging game now, so I doubt these stunted souls feel motivated to bother me.

While I was fixing my security to the best of my ability, I learned something surprising. I am getting nearly 2 thousand unique visits per day. I figured I was getting more like 80. I had a stat counter that gave me depressing results, but I knew it wasn’t working very well. I guess it was working worse than I thought. My host company’s internal stat stuff told me the truth.

What can I say about this? I thought I was yelling into a bucket, but it appears that I have some readers. They don’t comment much. Maybe most are bots. Years ago, “unique visit” meant a human being had probably come to your blog. Now? Search me.

I don’t think ~2000 people are showing up every day, but maybe it’s ~1000.

Maybe I am reaching some people with my testimony. I will have to think more about what I write, now that I know someone may actually read it.

In other news, I solved my long-range (longish) shooting problem. I was shooting a 17 HMR rifle at 100 yards, and I was getting a lot of dispersion. I was frustrated. Then I learned that a slight wind will blow a 17 HMR all over the place. Also, a gun forum guy told me to get my left hand off the gun. Today I went out with my friend Mike, and we shot a while. There was no wind. I switched to shooting with my left hand down, and here is what I got:

That’s 5 rounds on the left, plus an extraneous round Mike fired just to make my target look bad. What a punk move. Can you believe that? Anyway, that’s a wee bit over 1 MOA, probably. It may be 1 MOA. It’s very close, measuring from the outsides of the farthest-separated holes.

I figure if I practice a little, I will be 3/4 MOA with that gun, and I will be consistent. I won’t have to shoot 50 rounds to get a single 3/4 MOA group I can put on the Internet. This makes me extremely happy.

That gun is a laser. It’s crappy rimfire ammunition, which you can get for 10 bucks per box, and look how accurate it is. IF the wind isn’t blowing. I am reading some surprising distance figures. I thought the gun was useless past 150 yards, but apparently that’s not true unless you want to kill things. People are claiming they shoot targets at nearly 300 yards. If that’s true, this is the practice gun for me. I just need to choose days when there isn’t much wind.

That’s exciting. I can find 300 yards of safe shooting space here, no problem. I could conceivably learn to shoot real distances.

We also shot some grapefruit and ponderosa lemons. I hit one and blew half of it about 15 feet away from the rest. Fun.

It’s really nice to be shooting a rifle well. It was a long time coming. And since I’m not using the best stuff or practicing a lot, I should expect considerable improvement in the future. Too bad they don’t sell a license for shooting hackers.

If the blog disappears, don’t blame me. I’ll make a reasonable effort to keep it alive.

10 Responses to “Adventures in Internet Pest Control”

  1. Stephen Says:

    Steve – I have a plugin called ‘Limit Login Attempts’ on both of my WordPress sites. It’s by a guy called Johan Eenfeldt. It limits login attempts to 4 tries from each IP address. Might be worth a look.

    I also use the ‘BAW Post Views Count’ plugin by Juliobox. This shows you how many views each individual post gets with a number at the foot of the post. (Though if visitors are reading your posts from the front page without actually clicking on the post, it won’t update the count.)

  2. Aaron's cc: Says:

    Doubt it’s WordPress. More likely a plugin.

    I use a plugin that blocks all traffic outside the Anglosphere and Israel. You are unlikely to receive legit traffic from Africa, South America, Asia (except for Israel), Axis and ex-Iron Curtain nations. Yes, proxies can be used becoming less of a target for script kiddies reduces vulnerability by 95%.

    Sucuri is good and sends you reports of brute force attempts with IP addresses. Would have made my work defending against Saudi hackers which brought down instapundit, Power line, Hugh Hewitt and other sites as collateral damage.


  3. Ruth H Says:

    I do not know why but I am suspicious that I get a “page not found” on many of the sites I visit regularly. Of course, they are mostly conservative site. I hit the refresh button and they magically appear. I think it is some type shadow banning, but maybe I am just paranoid. Or not.

    This is happening with Firefox, I would have expected it with Chrome. I don’t visit those sites much with Chrome, so maybe it would be a problem if I did.

  4. Steve H. Says:

    He really did say his name was Kumar.

    I have deactivated all the plugins I don’t care about.

  5. Aaron's cc: Says:

    Was it spelled that way on the Kumar Detector Van?

  6. Steve H. Says:

    It’s people like you what causes unrest.

  7. Rachel L Says:

    Real, live human, commenting so you know I am one of the “2,000”.

  8. Steve H. Says:

    That’s exactly what a bot would say!

  9. Thomas Doan Says:

    Hi Steve, Tom here, still here 12 years later. Sent you a pic of me holding a slab of polish bacon that came as a whole unsliced slab, how could you ever forget?

  10. Steve H. Says:

    Which of the many things I’ve forgotten are you referring to?