Saturday, September 21, 2019

Retrofitting

Regular readers may have had a surprise when they saw the blog's "new-old look." It's new-old because this was how it looked like before I moved to my own domain and spruced up the blog with a template that I tweaked and personalized.

The past few weeks have been rife with challenges as my blog became the subject of a brute force attack. It's a good thing that my husband is an IT/ web design / tech magician so he knew exactly what was happening and how to go about it. The following logs were lifted verbatim from his Facebook page:
September 10 at 4:15 PM · 
So jill's Personal Finance website https://frugalhoney.com may or may not have been hacked. I say 'may have been' because Server logs showed classic hack signs such as brute-forcing wp-login.php and wp-admin.php, the key wordpress files to try and access the dashboard. 
For a site that gets only less than 200 visits a day that's suspicious. Most random type hacks try to access every possible file but in this case it seemed very specific. 
In any case being the heroic husband and cunning web developer that I am I fixed it. It took 4 hours and I normally charge 5k-10k for this sort of thing so I am publishing this post so everyone will know my tremendous sacrifice. 
Seriously though it's very important for her website to continue as it is a popular and important personal finance resource. One of her most popular posts on the notorious Manila Banker's shady recruiting practices has hundreds of comments and serves as a sounding board for a litany of complaints about the bank. Other posts where she talks frankly about insurance, bank accounts and negotiating with PhilHealth, SSS, Pag-Ibig etc. gets many visits and comments everyday. It is obvious Filipinos are desperate for knowledge on finances thus making her website a valuable collection of information. It's also obvious there are powerful companies that probably wish she wasn't as honest which may or may not add to my hacked theory. 
I installed a captcha, a plugin to compress images, a firewall plugin and I am contemplating cloudflaring the site's DNS, which is fidgety and I'm tired so maybe I'll do it later. To the people who tried to take it down I have 2 things to say to you: good try and screw you.
September 11 at 4:38 PM · 
so i've confirmed that Jill's site https://frugalhoney.com is going through a brute-force attack. A brute force attack is software that does two things. 1. keep trying to guess a password and 2. tie up the login page of the website disallowing anything else. Think of yourself as a bad guy and you do not want people to call the police. While you cannot destroy the phone system you can instead keep calling the police's phone so when anyone tries to call them they keep getting a busy signal effectively disabling it. 
While the hacker is unable to get the password it is making the website so busy trying to accommodate attempts that the whole server shuts down from being too busy. 
I have put in effort to hide important pages and files away from bad guys by renaming important files. For example if you do not want people to know your porn you should rename your porn files to 'accounting.xls', it works something like that. 
I'm choosing between using a firewall or instead setting up cloudflare which is a super fidgety task. I'm not sure if my combination of renaming / hiding plus putting up a firewall might make the whole site inaccessible even to myself. In any case the server is still reeling from so many database requests that its slow as hell. I'll continue tomorrow. 
Fuck whoever is trying this. You're only motivating me to beat you. I'm focusing on stopping the attacks but once things are normal if you leave a footprint of any kind I'll find it and maybe I'll find you.
September 14 at 9:41 AM · 
UPDATE on Jill's blog. To recap, Jill's Personal finance blog https://frugalhoney.com was suffering a denial of service (DOS) brought about by a Brute Force attack. A brute force attack is when the website is made so busy trying to serve pages that it essentially hangs. 
After I backed up the site and made it run on my laptop I went to work. Brute force can be done in multiple ways and slowly I started to fix issue after issue. I was careful not to overdo it because I wanted to know exactly how the site was being attacked via trial and error. First I started to protect Wordpress essential files and placed captchas. When that didn't work I stopped wp-cron.php. When that didn't work I installed a high end plugin that hid system pages even more and stopped certain procedures altogether that were not essential. After that I finally cloudflared my DNS to block and document attacks. I was working with my US host to fix the issue and overall we traded close to 30 emails. 
We finally came to a point we realized that bots were attacking the site and this made me form a conclusion. To use bots to attack a site someone really wants it taken down and is possibly spending money by hiring someone to do so. It is an intensive process and isn't easy. 
While I can still try to find a fix it's clear that would be just my ego talking and I probably have to shell out some cash as well. So I decided to just move the whole site to blogspot.com. The longer I delay the more the site's Google ranking will suffer and the post we suspect is the reason why the site is being attacked will be erased from the internet - the ultimate reason websites are professionally attacked. 
So last night I moved the site to https://frugalhoney.blogspot.com and it's working now. My next step is to apply a htaccess rule that will change the domain from this: 
https://frugalhoney.com/…/what-to-do-after-you-get-scammed-… 
to this: 
https://frugalhoney.blogspot.com/…/what-to-do-after-you-get… 
That way anyone who clicks that important link on a Google search will still end up with the content they are looking for and the attacker can just suck my d=) because now it's Google they have to deal with. 
It's far more important for Jill's content to continue to exist than my painful fragile ego. She actually has to discontinue that site soon due to a potential career change. I learned a lot trying to save it though and I can apply this in future projects. The important thing is that her posts still exist on the internet. I hope the bad guys are paid by results they're not going to be able to collect.

Truth be told, I've been mulling about the future of this blog if what I'm waiting for actually happens. I seriously thought of just closing this blog like what I did with my past blogs. But seeing how some entities went through such great lengths to try to force it shut, like hell am I going to close it now.

Thus, let it go on record that Frugal Honey will continue existing and will not be cowered by BULLIES who resort to literal brute force to get what they want. But now that I think about it, considering their marketing practices, attempting to hijack a site isn't really above them.

I'll be fixing up the site in the following weeks since the migration has left it wonky. I'll probably also shift some of my too personal posts to private mode, but rest assured that the informative posts will be kept live and those that were subjected to attack will live on FOREVER. #suckit


7 comments:

  1. Oh no! Thank goodness for your husband. It's scary to think that even small bloggers like us may become victims of persistent attacks. It's just so sad that somebody will spend money to take your blog off the internet. You must be doing something right, girl. Good luck and I hope you'll still continue blogging when you get the judgeship, so we can continue to have your sensible voice in the personal finance online space. Virtual hugs!

    ReplyDelete
  2. That's really scary Jill! I was wondering what was going on too.. Glad you decided to ultimately keep the site going though! NOW that I think about it there aren't a lot of personal finance advocates/ bloggers in the Philippines (who aren't trying to sell stuff to readers, at least).

    ReplyDelete
    Replies
    1. Yeah,

      Sadly, the local personal finance sphere is mostly made up of pseudo advocates who pretend to be experts to sell you an overpriced insurance product.

      But there are still a lot of unbiased advocates out there, like FQ mom, who are really sincere in their drive to improve financial literacy.

      Delete
  3. Oh wow. So thats why. If I knew how to be a white hat I'd find out who and retaliate (looking at you Manila Bankers). Keep it going Jill. Your Financial Blogger fam supports you.

    ReplyDelete
  4. Hey, Jillsabs. Those are some really determined hackers but I'm glad you're soldiering on with the site. Echoing what the others have already said: there aren't a lot of Pinoy personal finance bloggers out there with no vested interests other than chronicling and information, and it would really help out others to still have your posts out there.

    ReplyDelete
  5. Happy you kept your website. I really have a feeling you were targeted. Thank you for not letting them win.

    ReplyDelete