Thursday, October 30, 2014

Four Easy Steps To Improve Your Wordpress Security

So you have a Wordpress website? Congratulations on choosing this awesome and power content management system. Now the bad news. Out of date and badly secured Wordpress websites are hacked every minute.

If your Wordpress is one version behind in updates, runs an old theme or has an outdated plugin it is probably being hacked right now. Hackers have automated scripts that find your out of date website and use it for nefarious reasons. Almost everyone who has had a Wordpress website for longer than a couple of months has experienced this.

However, there are some precautions you can take to bring down your risk. Here is my recommendations on how to deal with Wordpress security.

  1. Never allow your Wordpress system to get out of date. This includes the themes and plugins. If you are a web developer and create multiple Wordpress websites this can become a bit of a pain to manage. Well you kinda have to. The best way to keep up to date on multiple Wordpress websites is to run a plugin called InfiniteWP.

    InfiniteWP ( http://infinitewp.com/ ) is a plugin that tracks out of data Wordpress websites and its plugins. You can easily update your sites and plugins from one central point.

    If you install a website through Softaculous, I would recommend installing the default Wordpress install through it, and then using the automatic backup and update system that comes with it.
  2. Change the default Admin username. By default hackers will try brute force hack your website with the username, “admin”. This is because that is normally the default admin username. There are multiple plugins that can be used to change your admin username.
  3. Install a powerful Wordpress firewall. After years of experience we have found one of the best defence systems out there is a powerful plugin called Wordfence ( http://www.wordfence.com/ ). They have both a free and a premium plugins to choose from. In most cases the free plugin comes with more than enough useful features that it is on our “have to have” list. If you have a some loot in your pockets, dont be cheap, and buy the premium version.
  4. Use DNS filtering. This is also on our, “have to have” list. We use a system called CloudFlare ( http://www.cloudflare.com/ ). Cloudflare comes with multiple systems to protect and enhance your website. It is a very powerful firewall. It stops almost all DDoS attacks launched at your website. It comes with a CDN (content distribution network) that enables you to serve your site faster. It also comes with a neat ability that automatically filters out most hackers and that hides the IP of your server from hackers. You will need to install the Cloudflare plugin to get accurate statistics.

The steps listed above are easy to get going and anyone with a Wordpress website should be able to get it right. For those of you with more advanced knowledge of Wordpress and who want more information on hardening your Wordpress website I would recommend that you read the following guide:


Two other things you should consider. You should always have regular backups of your website and if possible, use a system that monitors and alerts you of changes in your website code. A system like Codeguard ( https://www.codeguard.com/ - Not Free ) is recommended for that.

I hope you find this information useful, and I really really hope you implement it. You can take control of the security of your website, and if you dont, I promise you that some dodgy little hacker will.

Happy Wordpressing

Wednesday, July 23, 2014

Hearthstone - How to beat Maexxna in Heroic mode with a druid

To win this battle I had to abuse some card mechanics, but more specifically the hero ability for Heroic Maexxna.



My final card list:

2 Innervate
2 Claw
2 Wild Growth
2 Wrath
1 Bluegill Warrior
2 Novice Engineer
2 Healing Touch
2 Savage Roar
1 Arcane Golem
2 Earthen Ring Farseer
1 Wolf Rider
1 Bite
1 Keeper of the Grove
1 Leeroy Jenkins
2 Starfall
1 Force of Nature
1 Starfire
2 Ancient of Lore

Thursday, June 26, 2014

Best way to install WHM/cPanel Server for shared hosting

How to setup a WHM/cPanel server

Every cPanel administrator has their own way of setting up a cPanel server. I have over a decade of experience dealing with cPanel servers and this is the minimum setup that I will do for a shared hosting environment.

I have tried to keep costs as low as possible while still offering essential services that add to redundancy, stability and security.

Your main shared hosting server:

A dedicated server, you can rent these for really cheap from your favorite data center. If you are looking for economical servers, I would recommend Server4You which rent out dedicated servers for as low as $30.


Once you have your dedicated server you need to install the latest version of CentOS 64bit. Once you have installed CentOS you will need to install the latest version of cPanel for $35. You can buy a cPanel liscence from BuyCpanel.


The next important feature you need to install that is pretty essential is a system called CloudLinux. What Cloudlinux does it help protect your system from out of control scripts or clients that hog too much of the servers resources. This will cost you $14 a month. You can order Cloudlinux from their website:


Once you have installed your cPanel/Cloudlinux setup you now need to install your favorite plugins to help you manage your shared hosting server. There are three plugins that I consider essential

1. Munin Graphs. You can easily enable this by selecting the option in the plugins section of WHM.
2. ConfigServer Mail Queues (cmq). When you manage shared hosting one of the things you will be constantly dealing with are out of control mail queues. This plugin helps you manage those queues and delete excess email without removing legitimate mail.
3. ConfigServer Firewall (csf) . This allows you to control and manage your firewall on a much higher level than WHM would normally allow you to. I highly recommend this plugin.
4. Softaculous. Softaculous is a plugin that allows your users to install commonly used php sites such as Wordpress. The added advantage of Softaculous is that it automatically updates your clients websites to the latest version of Wordpress. This really helps with security. This will cost you $2.50 a month and is available from BuyCpanel as well.

That in essence is what you will need to run your main shared hosting server. However we are still short on some essential systems. These are a backup system and DNS redundancy. Luckily you can use the same system for both the backups and your DNS cluster.

Supporting VPS

What you can do is rent a VPS from Backupsy. You can purchase a VPS from Backupsy for $10 a month. This will give you 250GB of disk space. You can scale your VPS as required, but 250GB should be enough to start your backups with.

What you want to do is install CentOS 64bit on your backup VPS. Once you have installed CentOS you will want to install the DNS ONLY version of cPanel. Once that is installed you can connect this DNS ONLY version of cPanel to your shared hosting server in the DNS cluster configuration.

Fantastic, we now have DNS redundancy located in a different datacenter to your shared hosting server. The last thing we need to do now is add the backup system to your backup VPS. I use a system called Bacula4hosts. I like their system because it allows a bare metal restore as well as adding a backup icon to your clients cPanel control panel that will allow them to restore individual files and/or accounts. This costs $19 a month and connects your shared hosting server to your backup storage server (which we are also using as a DNS server).

Voila, that it. Thats the minimum I would install for a shared hosting server. Now you have a very functional, stable cPanel server that has DNS redundancy and reliable backups for a total cost per month of $110.50

Cost summary:

  • Dedicated server - $30
  • WHM/cPanel license for a dedicated server - $35
  • Cloudlinux - $14
  • Softaculous - $2.50
  • Backupsy VPS - $10
  • Bacula4Hosts - $19

Total cost per month - $110.50

Hope someone finds this guide useful! :)

Wednesday, April 30, 2014

Conversations with a Putin Shrill (Russian Propagandist)

Important Introduction: This article is not aimed at all Russians. This article is focused on the corrupt Putin and those that support him.

So yesterday I was watching the amazing story of of a highly respected journalist by the name Simon Ostrovsky who was doing investigative journalism research on the Russian invasion of Ukraine.


Simon`s work in Ukraine is well known. He has been covering the Russian sponsored invasion of Ukraine since the start and is one of the few credible journalists who has feet on the ground and is giving us day to day updates on what is happening.

Of course his journalism has upset Pro-Russian forces and he was recently illegally detained for several days by forces loyal to Vladimir Putin. During his detention he was beaten and interrogated. The Pro-Russian militants did their best to try intimidate and bully him. I highly recommend you watch the video I have linked above to get more insight into this story.

On the day that Simon was released he was asked to make himself presentable as his captor lied to him and told him he was about to be released. Instead he was taken upstairs to meet Evgeny Popov, a cameraman from Russian State TV. Effectively a Putin Shrill.

Before I continue with the story I just want to justify my comment about calling this man a Putin Shrill. By international standards he is not a real journalist. Press Freedom in Russia is terrible. Most African countries have higher levels of press freedom. Russia are right there at the bottom of the Press Freedom Index (as per Reporters without Borders). The government is well known for killing off journalists who try expose its corrupt practices or who are critical of Putin and/or the Kremlin. There are almost no credible journalists left working for the Russian government. It is widely accepted around the world that anyone working for Russian state television is a Putin Shrill / propagandist.

So instead of Evgeny Popov asking real journalist questions to Simon when they meet, he instead tries to frame questions or ask for explanations that might in some way, make America and the "west" look bad. Imagine this. You are a journalist, you meet someone who was kidnapped by Pro-Russian forces and the only thing you can ask the victim is how to blame the west?

Any reasonable human would be disgusted by what Evgeny Popov asked and how he went about his interview. I know I was. So much so that I actually messaged him on Twitter to let him know exactly what I think of him.

To give you an idea of how much of a propagandist Evgeny Popov is I have to show you a part of the Twitter conversation I had with him. The conversation had basically got to the point where he used an old troll technique of false accusing me of only getting my information from America (and thereby insinuating that I could not have an informed opinion on the topic).


Now this is a false claim by Evgeny Popov directed at me. There is absolutely no way that he could possibly know what media and news I absorb. For the record, I absorb ALL media. I watch America media, EU media, African media, Middle East media, South East Asian media. I literally watch it all. I even watch Russia Today, Al Jazeera and Fox News (though to be fair to Al Jazeera it really does not deserve to be lumped with the dishonest Russia Today and Fox News). I have made it a point in my life to absorb all media. I have also made it a point to study propaganda, which is why I watch Fox News and Russia Today.

If you want to know what Putin is thinking, you watch the propaganda on Russia Today. If you want to know what the Republican Party in America are thinking then you watch  the propaganda on Fox News. I have found this to be the most effective way of cutting through the bullshit presented by propagandists like Evgeny Popov.

So I call Evgeny Popov out on his lie. I tell him that he is misrepresenting me and what I watch and therefore is lying. His response was so ironic it inspired me to write this article:

I actually laughed when I got this response. Evgeny Popov is such a terrible propagandist he makes a lie about me and says that I called him a liar without evidence.

To put that into perspective, that's like me telling you (the reader) that you enjoy cold baths. When you deny that and say I am lying, I then tell you that you have no evidence that I lied.

I think Putin and the Russian government have let the people of Russia, Ukraine and the rest of the world down. Most of the world wants for Russia what they have themselves. We want Russia to have real free and fair elections (they do not at the moment). We want Russia`s press to be credible. Sending people like Evgeny Popov to do interviews is an insult to journalism and the Russian people.

I believe that Russia has a chance to be a great country. To be a respected country. Right now Putin believes the only way to get respect is to beat people. Respect is earned through honorable deeds. Not through bullying weak and powerless neighbours. However, it does seem that until Putin goes, Russia will never be a free country. They will become the isolated pariah state that Putin wants Russia to be.

To the Russians that read this. Know that I live in Africa. We have a stronger currency than Russia does. We have more freedoms than Russians do. We have a less corrupt government than Russia does (though our government is still corrupt.... its not half as bad as Russia). We have a free press in my country in Africa. We are allowed to criticize our leaders and the ruling party in national media. Under Putin you are falling behind countries in Africa. It is time to wake up and change your leaders.

Evgeny Popov, it is good that you got to meet Simon Ostrovsky, now you know what a real journalist looks like. 

Saturday, March 22, 2014

Installing Kippo HoneyPot on a CentOS cPanel Server

There are a lot of guides out there that advise you on how to install kippo on Ubuntu and Debian servers but very few complete guides on how to get Kippo HoneyPot working with a CentOS WHM/cPanel server.

This tutorial assumes the following:

1) You have root
2) Its CentOS 6.4 with WHM/cPanel installed


Phase 1. Change the default SSH port

First think you need to do is change the default port you SSH in on. You should be doing this by default for security reasons. Its stops 99% of SSH brute force hacking attempts.

To do this you need to edit:

# nano /etc/ssh/sshd_config

You need to change the default to a high number random port:

Port 26903

Save the file and restart you SSH service. You may need to relogin.

Phase 2 - Create a user for kippo.

I want to be able to look at graphs, so I create a user in WHM. The username I create is also going to be the username that runs the Kippo HoneyPot. Once the user is created in cPanel, login to cPanel and create a MySQL database and a MySQL username. Add the user to the database. It is advisable you download a copy of Kippo and using PHPMyAdmin import the sql file that comes with Kippo (You can find the sql file in the doc directory).

Phase 3 - Install requirements

As root, install Twisted packages
# yum install twisted

When I tried to run Kippo with a MYSQL database connection, I kept getting the following error:

"Failed to load application: No module named MySQLdb". When I tried installing the package through yum I got, "No package MySQL-python available.". So what I did was download the file directly :

https://pypi.python.org/pypi/MySQL-python/1.2.5

Unzip the file:

# unzip MySQL-python-1.2.5.zip

And run the following commands:

#  cd MySQL-python-1.2.5
#  python setup.py build
#  python setup.py install

Phase 4- Download and configure Kippo

SSH into your server as your Kippo username. Download Kippo (be sure to download the latest version) :

# wget https://kippo.googlecode.com/files/kippo-0.8.tar.gz

Unzip the file:

# tar -xvf kippo-0.8.tar.gz
# cd kippo-0.8

Then you need to edit your Kippo config file

# nano kippo.cfg

Most of the default configuration settings should be fine. However you are going to want to change the mysql settings to reflect the mysql username and database you created in cPanel earlier. Save the file and you should be ready to run kippo.

Assuming you did everything I recommended you should get something like this:

# ./start.sh
Starting kippo in background...Removing stale pidfile /home/kippouser/kippo/kippo.pid
/usr/lib64/python2.6/site-packages/twisted/conch/ssh/keys.py:13: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
  import sha, md5
/usr/lib64/python2.6/site-packages/twisted/conch/ssh/keys.py:13: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import sha, md5
Loading dblog engine: mysql
Congradulations! Kippo should be running.
# ps -ax | grep "kippo"
 484614 pts/2    S      0:00 su kippo
 484660 ?        Sl     0:00 /usr/bin/python /usr/bin/twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
 485746 pts/2    S+     0:00 grep kippo

Phase 5 - Firewall redirection

We have Kippo running but right now its only running on port 2222. Since we changed the default port earlier we can now use that port. So what we want to do is create a firewall rule that redirects port 22 to port 2222. As root you do this by running the following command:

# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222

It is important the eth0 is the network interface you want to run Kippo on.

Phase 6 - Graphs

If you are like me and want cool graphs to quickly get an overview on what is happening with your honeypot, you can download kippo-graphs:

http://bruteforce.gr/kippo-graph

Install it in your public_html directory and change the config file so it points to where you have kippo and be sure to include the MySQL database credentials you created earlier. Browsing to that directory should display some useful graphs:














Thursday, February 13, 2014

My first taste of political violence

So yesterday, the Democratic Alliance in Buffalo City Municipality decided to go clean up Oxford Street. Basically the street was a mess. Municipal workers had been striking for weeks to get a 14th cheque and rubbish was piling up.

Events have go so out of hand that even our city hall was fire bombed. The city is literally burning while ANC leadership fiddles (hides).

The entire situation was created by terrible mismanagement of Jacob Zuma's ANC. They had over promised and under delivered. They promised the workers that they would be getting a 14th cheque due to underpaying them in the 2012 year. So they are angry.

Since we have some major international sporting events in our city this time of the year (Like the African Golf Open), the Democratic Alliance decided to walk down Oxford Street (our main street) and pick up all the litter and rubbish. This actually turned out to be a massive job. 

When we were about 2/3rds of the way down Oxford Street we noticed a comotion behind us. Protestors were coming up behind us, taking the black bags we had collected the rubbish in, and then started throwing the rubbish onto the streets and at DA people.

I caught the tail end of this on video.


As you can see things get pretty crazy as intolerance is shown at the Democratic Alliance members. A lot happens in this video so I decided to break it down into some pictures so you can get a clearer understand of what is happening.

Samwu member throwing garbage


Garbage nearly hits innocent bystanders


Samwu member tearing up refuse bags


Samwu member throws garbage at DA members


Samwu member (blue top) looks for projectile in rubbish


Samwu member throws projectile at DA members


Two things are happening in this frame. The Samwu member in the white shirt is picking up something to throw. The Samwu member in the black dress is trying to stop SABC news camera man from filming events


Samwu member covers this lady in rubbish. 

While only light injuries were sustained its very gutting to see all the hard work you have done been undone by workers who wish to hold the city hostage. This type of intolerance needs to be highlighted. 

The complete and utter disaster caused by Jacob Zuma's ANC needs to be shown to the world. 

Here is Athol Trollip explaining the event in more detail:




Tuesday, February 11, 2014

The Disneyfication of Exotic Animals

Ive recently started breeding some awesome exotic animals and I find myself on the receiving end of the Disneyfication of these animals a little too often.

For my readers that dont know what the Disneyfication of animals is, its basically a person  who confuses expectations with reality. The expectations are normally crafted from movies like the Lion King rather than any type of reality.



Ill give you an example of what I am talking about. The other day myself and a group of nature lovers on a Facebook were busy admiring some beautiful exotic animals. Specifically we were talking about breeding a beautiful but unfortunately named species of Madagascar Gecko (It is called a Satanic Leaf Gecko) Uroplatus phantasticus.


These animals are originally from Madagascar and now bred all over the world. Since there is a demand for them they will never go extinct. Even if the oceans rise due to global warming.... these beautiful animals will continue survive thanks to loving breeders who care and breed them.

So there we are discussing breeding these little marvels when one of those people I was referring to decided to interject her opinion. 



As you can see, we are given some pretty horrible advice by and otherwise well meaning human being. Let me break down what she said and why her views are divorced from reality.

1) She refers to an incident at OR Tambo where she says "smuggled" animals were left to die. This is not actually true. There was actually no smuggling taking place.

In fact, just about every forum and social media network in the exotic animals trade featured this story and almost all of us were completely gutted by the news. It turns out that due to mismanagement of a precious cargo by transportation staff, the animals were left too long without care and started dying. A horrible event to have happen, but not one caused by exotic animal traders. 

2) Jennifer then incorrectly refers to the exotic animal trade as a "trend". She does not realize that this trade is older than the existence of domestic dogs and cats. People throughout history have loved and cared for all types of animals. Long before they domesticated cats and dogs. 

3) Jennifer then blames the exotic animal trade for the devastation of wild life. Which again is so false and misleading. Normal people are responsible for the devastation of wild life. The dwindling numbers have less to do with the exotic animal trade and more to do with the expansion of leafy suburbs so that humans can drive their gas guzzling, CO2 causing SUV`s around. Its the loss of habitat that is hurting wild life so much. As human expansions continue, so do the habitats of many animals decrease.

 In breeder clubs we often get involved in captive breeding programs so that we can try release some sensitive animals back into the wild. However, we have some major problems with releasing some of these animals back into the wild as their habitats are no longer there. You often find humans have just cleared their area to build another coffee shop. 

4) Jennifer finishes off by telling us that we should get a domesticated exotic cat or dog (as they are not indigenous to our area). This is not good advice. I have two (spayed) cats and I personally know what blood thirsty little murderers they are. I love them to bits, I am however completely aware of the massive impact they have on our environment. They are well fed animals and do not kill the local animals for food... they kill the local animals for their own entertainment. I dont know how many dead geckos, small mammals and birds my cats have killed. 

This brings me back to the cute little blighter that started this whole conversation off. Uroplatus phantasticus. When these animals are threatened with extinction in the wild, it won't be because of the exotic animal trade. It will be because of a lack of habitat as human suburbs expand on their territory. and the devastation of the remaining indigenous animals by exotic animals like cats. 

Luckily they will not go extinct as there will always be private breeders who have a great passion and love for these animals that will ensure their long term survival.

One only wishes someone had privately bred the Dodo before cats introduced by sailors destroyed the local population and drove them to extinction. 




Thursday, January 16, 2014

My perspective on firearm ownership


One of the things I have learned in my exploration into politics is that what you say can easily be misrepresented.

I experienced this recently. I was having an informed and polite debate with a friend of mine on Facebook. The debate mostly focused around the issue of whether firearm regulation improves safety.

I learnt through a reliable source that some people had apparently pointed out my conversation as some type of anti-gun stance.

Let me set the record straight here and now. I am not anti-gun or firearm. I grew up around firearms. We had them on the farm. I was hunting before most boys had fired a BB gun. 

When I entered high school, I joined the shooting team. For my whole high school career I spent 3 days a week practising. I would shoot between 50-100 rounds every practice with .22 German-made Auntluch rifle. I once shot 398(400) in a bisley. 

I also understand the important role hunting plays in nature conservation, and how game farm permits have lead to a massive increase in game population levels (*1). 

I have no problem with responsible people who wish to purchase firearms for defence, for hunting or other recreational uses.

What I do believe in is smart firearm regulation -- that only people who can show that they can responsibly own a firearm and have a valid reason for a firearm can purchase one.

My view is hardly extreme. It is very moderate. Most of the safest countries in the world have deployed successful firearm regulation which has lowered the rate of firearm deaths (*2).

Just because I like firearms does not mean I ignore the cold hard reality about them. Telling me "guns don't kill people; people kill people" is like telling me cigarettes don't cause cancer. A gun kills. That is why I use one to hunt with.

Studies found that people who carry guns were 4.5 times as likely to be shot and 4.2 times as likely to get killed compared with unarmed citizens (*3). Societies with poor gun regulation are more likely to have more gun-related deaths. 

Since I am aware of the dangers and risks associated with firearms, I really think it is important that we have smart regulation that allows responsible gun owners to own firearms and that improves the public's safety. 

Improved firearm regulation in Australia saw an end to all mass shootings. According to President Howard (former conservative President of Australia) firearm homicides dropped by 69% over the next decade and firearm suicides dropped by 65% (without a parallel increase in non-firearm homicides and suicide rates). (*4)

I understand the need for a hunter to own a hunting rifle, but I don't think selling AR15 assault rifles in our Spars would be a good idea -- a view shared by 85% of American gun owners.(*5) 

South Africa has some very responsible gun ownership laws, but I always believe that there is room to improve our policies and systems so they are more effective and more efficient. 

I am not anti-gun. I am pro responsible firearm ownership. 

Resources:
2:
4:
5: http://www.pewresearch.org/daily-number/most-gun-owners-favor-background-checks-for-private-gun-sales/


Tuesday, January 7, 2014

Azure Cloud Woes

I would have loved this to have been a review about Azure Cloud, but it appears Microsoft does not want me as a client. Earlier today I decided to sign up for their free trial to test their cloud based VPS`s. As I am sure you know, the Cloud VPS is a highly saturated, highly competitive market, so I expected something great from Microsoft.

My first impressions? Well my first impressions is I cant even sign up for their service. I went through the intrusive process of giving Microsoft my phone and them verifying it, but when it came to the payment, it would not accept my credit card. This is the same credit card they have on record, which I have used in the past to purchase Windows 8 and Office 360. They even have my credit card under payment options when I view payment option in my account.

At first I thought this was a bug so I tried again. Again they didn't like my payment option. They asked me to contact support. Oh well, I figure if I can just email or submit a support ticket I am sure I can get this resolved.

So I click on get on "Get Support" only to be told that I don't have an active subscription (duh) and I must click on yet another link to get support. So I do this again. Now this time I am greeted with a page of country names and the generic Microsoft support number for my country. They now want me, to spend money and for me to phone them to fix their screw up.

At this point I couldn't be bothered. As mentioned earlier on the VPS market is a highly competitive market. I don't need to jump through 10 hoops with other suppliers, why would I bother with Microsoft.

So sorry Microsoft. You are your own worst enemy. You lost another potential client.