To the hacker trying to log into my WP blog

Please, just stop.

Let’s talk about what you want in the comments section?

 

Update: The hacker has been using an IP – 74.91.20.14 from Kansas City which has been blocked.

Update 2: The hacker has now started using an IP –  94.185.85.42 from Sweden which has now been blocked too. Good luck idiot.

Update 3: My hacker has turned into a spammer. Apart from using the following IPs to try to log into my blog,

91.217.101.247, 78.130.226.69, 109.175.6.137, 94.50.173.99, 95.56.146.170,

95.239.168.196, 217.118.81.13, 217.9.237.26, 176.102.32.47,  200.29.112.243,

92.60.234.183, 189.195.192.33, 77.66.236.145, 189.72.213.165, 203.77.43.96,

94.29.189.206, 60.249.130.169, 46.172.200.79, 178.234.219.188, 182.178.58.119,

88.206.117.39,  85.217.201.124, 95.82.248.125 (and a lot others)

(use geoiptool and whois to see where these IPs are from and who they belong to)

I am also being bombarded by spam comments and link backs on my blog. Boy am I glad to be running Disqus instead of the default comments right now!

In other news, I found out that Cloudflare only allows blocking of 2 IPs for a free account. That means I’m left to my own devices to reduce this threat. Thank Johanee for the wonderful Limit Login Attempts plugin for WordPress.

 

Update 4: Ok, I’m kind of liveblogging this. But it’s turning into an interesting nightmare. The more I heckle this hacker, the more I’m being bombarded with spam and the more IPs he’s using to try to log into my account (to avoid the login attempts limit). Here’s a nice map showing the IPs I’ve logged (Shows the number of machines under his control) –

IPs around the world. Most of these are showing as Windows hosts, but some are registering as Mac. That doesn’t look good!

Attribution: The above map is from http://www.phpace.com/tools/network-tools/ip-to-location/ which seems to be using Google Maps and the MaxMind GeoIP service.

 

Update 5: It seems that the dictionary attack has come to an end for the day. The hacker used an intelligent list of commonly used passwords instead of just bombarding me with all possible words from a-z. Thanks to the ThreeWP Activity Monitor plugin, I’ve been able to compile a list of IPs, browsers associated and passwords used by the hacker. I’ve created a nice Google Map to pinpoint all the locations of the possibly infected computers used by the hacker. That map is more comprehensive than the image above. I’ve also attached a nice python list of all the IPs, if someone wants to do something with them (for example, if someone from CloudFlare wants to include said IPs in their network).

Google Map

Combined Info on passwords, IPs, user agent info of infected computers.

python IP list

Attribution: Google Maps for the map, Maxmind for the GeoIP API, pygmaps for the library. If anyone’s interested, I’ll upload the python code I used to create the map (though it’s pretty simple).

 

Update 6: You would have thought this person would have given up after a week of hitting on my blog, but that doesn’t seem to be the case. I receive about 7-8 spam comments a day and 30-50 login attempts a day. I’ve started to hit back. I’m recognizing frequently used IPs and reporting them for abuse to their owner companies. I’ve sent a list of IPs to Cloudflare and asked them to put those IPs in their block lists. I’ve found something called RBLs (Realtime Blackhole Lists) which list IPs used by spammers. Many of these lists already have the IPs that I’m getting hit with listed in their files. Most of these lists do not accept user contribution but some of them do. I’m finding the ones that do and systematically reporting every IP used by the hacker.

Also, I’ve downgraded his level from hacker to spammer and from spammer to script kiddie. From here on out I’ll be referring to this person only as a script kiddie.

Are you getting hammed on your social network?

We all hate spam. Spam is useless, it fills up too much of our email space and it takes a lot of time to get rid of. That’s why email providers invented filters. They wanted everyone to be rid of everything associated to spam.

In today’s age, we’re not restricted to email. Most of our conversations happen on social networks and email is reserved for sending documents or larger conversations (or maybe the occasional person who’s still not on any social network). There’s some protection from spam in social networks because it’s in the benefit of the network providers to prevent non-sense from entering a user’s feed (this is, of course, not true for Facebook). Thus there are enough ways to block spam (ban the spamming friend or application, set filters or use hardware to detect spam) or to avoid it (by overlooking certain posts) that we’re no longer too worried about spam. But what about ham? Continue reading

Year of Social

The season is changing and here, in Boulder, Colorado, it means colder nights and shorter days. It’s time for animals to wrap up their food gathering operations and finish working on cozy homes for the all too familiar winter.

 

This hibernation is also coming to a very important aspect of my life. Last year, at about the same time, I dumped Facebook in favor of Twitter. I had been inactive on the micro blog since long and returned to it, only to discover so many new and amazing connections and services. I found people worth talking to and got help where I needed it. I also posted a lot on this blog here, taking it through many iterations, themes and (free) hosting providers. Now I’ve moved it to a paid provider – NearlyFreeSpeech in order to maintain a better uptime ratio.

Continue reading