Hacking 101

Blank Website

You have been hacked and the affected website will not even load; you are just presented with a blank page.

  • Check that index.php exists.
  • Check that index.php only has the very small number of standard lines that come with WordPress.
  • Check that index.php is not 0 bytes long.

Website exists

Go into the Dashboard and install WordFence; the free version is going to be good enough to get you started.

Run WordFence and, only if you know what you are doing, start making the changes WordFence suggests.

WordFence

index.php

I have found bad index.php files in a number of locations, such as ./cgi-bin/index.php
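The three index.php checks above, plus the search for stray copies such as ./cgi-bin/index.php, can be run in one pass. This is an added example, not part of the original post; it assumes you have a known-good copy of the same WordPress version to compare against, and the function names and status labels are made up for the example.

```shell
#!/bin/sh
# Added example: triage every index.php under a WordPress docroot against a
# known-good tree (a clean site or a fresh download of the same version).
# Function names and status words are assumptions made for this example.

# classify_index SITE_ROOT CLEAN_ROOT RELATIVE_PATH -> prints one status word
classify_index() {
    site_file="$1/$3"
    clean_file="$2/$3"
    if [ ! -f "$site_file" ]; then
        echo MISSING        # the file does not exist
    elif [ ! -s "$site_file" ]; then
        echo EMPTY          # the file is 0 bytes long
    elif [ ! -f "$clean_file" ]; then
        echo UNEXPECTED     # not in the clean tree, e.g. cgi-bin/index.php
    elif cmp -s "$site_file" "$clean_file"; then
        echo OK
    else
        echo MODIFIED       # differs from the standard file
    fi
}

# scan_indexes SITE_ROOT CLEAN_ROOT -> "STATUS<TAB>path" for each finding
scan_indexes() {
    # Check the root index.php explicitly so a missing file is reported too.
    root_status=$(classify_index "$1" "$2" index.php)
    [ "$root_status" = OK ] || printf '%s\t%s\n' "$root_status" index.php
    (cd "$1" && find . -type f -name index.php ! -path ./index.php | sort) |
    while IFS= read -r path; do
        rel=${path#./}
        status=$(classify_index "$1" "$2" "$rel")
        [ "$status" = OK ] || printf '%s\t%s\n' "$status" "$rel"
    done
}

# Usage: sh check_index.sh /path/to/site /path/to/clean-wordpress
if [ "$#" -eq 2 ]; then
    scan_indexes "$1" "$2"
fi
```

UNEXPECTED is a review list, not a verdict: plugins and themes that are absent from the clean tree will show up there as well.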

WordPress Hacked

One of my customers just got hacked.

The hack was not very good, as it did not give the hackers control; unfortunately it did kill the website.

It would appear that this site was hacked three times, with each hack not getting fully birthed. Then on the 31st, when a whole lot of updates got done, the degree of access increased, these hacks then went active last night and killed the site.

  • To fix this I copied the affected files to a hidden sub-directory.
    • To have a look at later.
  • Copied over a clean version of the affected files from a good site.
  • Gave these files ownership back to the site.
  • And the site is up and running again.
  1. Since then I have installed the free version of WordFence on this site.
  2. They have their /wp-admin page hidden.
  3. All plugins have been updated.
  4. We need to get rid of any plugins they do not use.

The hack was a redirect hack, seeking to cause people coming to this site to then be redirected to another site somewhere else in the world.

Send an Email when you have a new Post

I have been looking for a reliable way to send an email to people that have signed up to receive notifications of a new Post.

I started using MailPoet for one person and I am now using this myself.

Install the plugin.

Once you have the plugin installed, let’s set it up.
Go to Subscriptions, and Add New and put yourself in, this is what we will be using to test that emails are working.
Go to Lists, and create a new List. And put yourself in that List.
Go to Settings, setup Default sender. Contact us if you need help.
Go to Emails, and set up a Post Notifications.

Post Notification.

You need to create a Notification Email. This will be sent to a particular list when you create a new Post.

When you go to Post Notification, start setup and use Immediately.
Click Next.

Choose a look and feel.

Activation.

Having set up MailPoet I still could not send emails. Digging a bit further I have this issue with my settings.

I had a Key in there already.
Clicking on Activate MailPoet Sending Service, fixed my issue.

Let’s Test.

Some things to secure your website.

That does not cost anything.

Update WordPress

Anytime you login to your site and you see this.
Click “Please update now”!
Also, update all your Plugins and Themes.

WordPress Login

Every so often my server gets hammered with thousands of attempts to login with bogus credentials.
If you do not have the plugin “Limit Logins”, then every attempt is sent to the server backend, and of course rejected because either the username or the password is incorrect. But still, this is processing power wasted.

The first thing we do is install this plugin.

Limit bad logins

This is standard on all new WordPress installs.
If you do not have it, get it.

You know your Login page, username and password.
If someone tries and fails four times they are locked out for twenty minutes.
If after that they try again with four fails they are locked out for 24 hours.
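To see which addresses are behind the bogus login attempts described above, the web server's access log can be summarised. This is an added example, not part of the original post; it assumes the combined log format and that a failed login is a POST to /wp-login.php answered with status 200, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: list the addresses behind repeated failed WordPress logins.
# Assumption: a failed login is a POST to /wp-login.php answered with 200
# (the form is shown again); a successful one is answered with a 302 redirect.

# failed_login_sources THRESHOLD < access.log  -> "COUNT IP", busiest first
failed_login_sources() {
    awk -v limit="$1" '
        $6 == "\"POST" && index($7, "/wp-login.php") == 1 && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print fails[ip], ip }
    ' | sort -rn
}

# Constructed sample log lines (documentation-range addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Aug/2020:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"
192.0.2.10 - - [10/Aug/2020:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"
192.0.2.10 - - [10/Aug/2020:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"
192.0.2.10 - - [10/Aug/2020:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"
192.0.2.10 - - [10/Aug/2020:03:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"
198.51.100.7 - - [10/Aug/2020:09:30:12 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"
198.51.100.7 - - [10/Aug/2020:09:30:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
203.0.113.5 - - [10/Aug/2020:10:02:33 +0000] "GET /wp-login.php HTTP/1.1" 200 4523 "-" "-"
EOF
}

# Four failures is the lockout threshold quoted above.
sample_log | failed_login_sources 4
```

The owner who mistyped a password once and then logged in (198.51.100.7) stays below the threshold, while the address with five straight failures is reported.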

Make your Site https

Really Simple SSL automatically detects your settings and configures your website to run over https.
To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.

Install and Activate

You will be taken to a screen to “Go ahead, activate SSL!”
On the next page click “Enable” on the line for 301 redirect.

Hide your Login Page

Change wp-login.php to anything you want.

Install and Activate, then click on the plugin's Settings link.

On the next page, change the word “login” to something you can remember but is unrelated to WordPress or logging in. Say, “mywriting”.

Log out and log in using this name and not wp-admin.

Wordfence

We will just be using the free portions of this plugin.

Make sure you have also used WPS Hide Login.

Install and Activate, on the next screen put in your email address so you will receive warnings when hacking attempts happen.

At this time we do not have a Premium Key, click No Thanks.

rclone

I’ve been looking for a server solution, and I think I just found one.

On the Linux Server I run

sudo curl https://rclone.org/install.sh | sudo bash

Enter my password so this can be installed as root.

August 2020, had this issue:

Peer reports incompatible or unsupported protocol version.
TO OVERCOME RAN
yum update -y nss curl libcurl

Now I ran

rclone config

There was a lot to work through so this is what I did and what I wanted.

  • I have an unlimited account.
  • I created a Team Drive to receive these backups.
  • I configured my own certificates to create a secure connection between this server and my Google Drive Team Folder.
  • In my user folder on the server I created a Directory called googledrive.
  • I then ran this command to connect my defined Google Drive Team Folder in the cloud with my user folder of googledrive.
rclone config show
rclone mount theconfigname: /home/auser/googledrive/ &
the & completes and returns
df
theconfigname: 1099511627776 0 1099511627776 0% /home/auser/googledrive

Now that is a lot of available storage.
But then from this server I am backing up over 1T of data. And how to do that?

Issues

I seem to be able to get rclone operating flawlessly when I am backing up to a Google Team Drive. But to My Drive is still causing me a lot of issues.

Mounting Issues

I had an issue with mounting a Google Drive, it was fixed by doing the following after the error below.

rclone mount source /root/destination
2020/07/28 13:11:27 Fatal error: failed to mount FUSE fs: fusermount: exec: "fusermount": executable file not found in $PATH
FIX
yum install sshfs

Bad Unmount

??????????? ? ? ? ? ? googledrive
umount -i /root/googledrive

Google Drive

One of the things I offer is an unlimited Google account for you and your family.

My account holds a piddling 500GB of stuff, my daughter's has 2 terabytes of storage, but my best two people have 6 terabytes, that is 6,000 gig, and the other has 12 terabytes of storage.

That is quite a lot of stuff!

Why?

When you have lost a Hard Drive or a Laptop it is rather depressing, one of these accounts keeps things safe.
What we have done is to make a single account available for the whole family. So for around $160US a year, you get Google Drive and Google Photos installed on all your phones, laptops, computers and tablets, and they all get backed up to the cloud.

Here is how it works.

You may be familiar with Google Drive on gmail.

This is just so much more:

  • You have My Drive as before
  • You also now have Shared Drives, think of these as individual project areas that you can invite others in to work on things
  • Then you have Computers
  • In my case just my laptop, but as many of your family that have your Google Drive installed on their computer their areas are automatically backed up.
  • Even when they plug in a USB storage, but of course if you plug in a 1T external hard drive it may take a few days for it to get fully backed-up.
  • And then you have the good old Shared with me, that we love but can never find anything.

Gentleness

Blessed are the gentle, for they shall inherit the earth.

Blessed are those who could slay with one strike but leave their sword sheathed.
For in their powerful gentleness they will inherit the earth.
The powerful sword wielder knows that blood leads to more blood.

The sword is useful for eliminating, but can not plant, germinate and bring to fruit.

There is a better way, and the sword wielder knows this, not to relinquish their scabbard and sword, but not to have to unsheathe it either.

A wisdom can exist, a form of the fear of the Lord that can exist in the Gentleman’s eyes, that causes caution on the part of the foolish. There is a “don’t mess with me” and a “come let us walk together” in that look, not unlike Abbas, for the Gentleman knows that an inheritance can occur without the shedding of blood. The fool can learn wisdom, for they themselves were once that fool.

How does that sword wielder become a Gentleman?

  • By not drawing blood.
  • By not taking cheap shots because you can.
  • By laying such a word that even if it cuts, the person wants the cut and the outcome.
  • By walking beside rather than talking at.
  • By living empathy over sympathy.

If you think someone is full of shit, even as they speak and as they work to bring into action their words, there is of course bullshit in what they say and what they do. Just like you.
The Gentleman does not draw his sword and slay just because he can, they know how to work in such a way that the bullshit becomes less and Jesus becomes obvious and more, in themselves and in others.

It is as simple as seeking to be part of the answer. Even an answer that receives opposition. Even then engaging that opposition with gentleness, skillfully putting aside their reactions while not themselves engaging in reactions.

Action rather than reaction is not afraid of the questions, nor is it rushed, it is comfortable in silences, it is prepared and considered, it can say “I don’t know, I’ll get back to you on that.” And it does! It can say, “Well that is one way of looking at it.” And it can provide a reasonable counter reply, and simply let their words stand. 

There is a gentle strength that we need to learn where our words, once we have let them out into the world, do not need us to defend them. We may repeat them or better explain them, but we let Jesus defend them. Is he not better at this than us?

Gather to yourself Gentlemen and Gentlewomen, sheathed sword wearers.

Become one yourself.

Recycling

Today’s YouTube browsing took me to:

Precious Plastic

Precious Plastics:

Then a shredding video here:

What interests me here is the combination between Maker & Creator, not just making stuff, but coming back a step or two and creating the stuff you use to make the stuff.

Also the Open Source nature of this machine and the manufacture support, which included a list of people all over the world who have taken Precious Plastic Open Source designs and made the machines available in their country.
https://bazar.preciousplastic.com/seller-map/

Tiny Living

  • We have a 40-hour workweek.
  • We have our 2-hour church service.
  • We exercise for 4 hours a week.
  • We are in some community group 3 hours a week.
  • We have broken up our lives into allotments of time and purpose and have become a fragmented people.

Can we live differently?

We work forty hours a week as that is the social norm, and from that, we create a degree of income that gives us a certain lifestyle. 

I want to live better.

Not just within my income. But with my time, land, strength, resources, friendships, and especially my family.

As followers of Jesus, we are about the great commission. If our reason for being is to give glory to Jesus, then the great commission is secondary, or even tertiary in our lives. Are you not a father or mother first before you are an Apostle, Prophet, Evangelist, Pastor, and Teacher, are not our roles as mothers and fathers eternal in the nature of God, unlike our earthly giftings?
Not to take away from our callings, but to recognize our temporary callings in the light of our eternal nature.

So how do we glorify God and carry out the activities of a disciple?

Have we segmented our lives into hours and activities, and in our fragmentation become less effective in all those segments? How do we live a life without guilt and condemnation that so easily makes a place in the mind of a driven person, even when driven by good visions?
I have often said that God has given us enough hours in every day to do everything that God has for us. This included time to relax, laugh, and blob out.
One of the things I am working on in my own life is to remove the 40-hour mentality from working. Whether for pay or for ministry. I want to remove this time-oriented presupposition from other areas of my life, from religious observance, social observance.

I think that this time of the double bad cold is an opportunity to rewrite our minds.

Many people have been talking about wanting to grow their own food, but our lives and locations do not lend themselves to this. Kamaaina Hale does not want us to have a garden.
And even if I was to have a garden, one that is more than just some herbs and a tomato plant, it would require about an hour a day, during a period of time when I am often being asked to be involved in ministry somewhere, or worse a meeting.
Yet think about what we want to do out there… Africa, Asia, Central & South America. We want to bring the fullness of life, the redemption of the heart, the mind, and the body. Education, business, and government. The arts, occupations, and food.

Give a man a fish and you feed him for a day.
Teach a man to fish and you feed him for a lifetime.
Train trainers in gardening and you transform communities. 

Their health improves.
Their social interactions improve.
Their reason for being comes into focus.
And we get opportunities to speak to the whole woman and the whole man.

If this is how we want to carry out the work of our calling in the great commission, why are we not doing this now, modeling this right here in Kona? If we want to become people who can do redemptive works of community development of the soul and the body, we need to be practitioners of what we preach.