So my site got compromised today.  Literally 5 minutes before I logged in to check some notes about WordPress Security I had written down earlier.  It was pretty neat, actually.

Welp, I got it cleaned, and fixed some permissions.  I’ll monitor the situation, and probably have a post about it coming around in a few weeks.  I always like something neat to write about.


S3 (in)Sanity: When `info` doesn’t cut it.

If you are a web developer in this day and age, you will at some point swim a bit in the waters of the land of AWS. It is a fertile land, with much fruit and exciting things to do, and once there you will eventually work some with S3. S3 is fairly straightforward in its basic use cases; with s3fs it is basically just another drive, with the added bonus that you can share that drive across multiple systems and share files, like cached images or pages.


Protecting WordPress with Fail2Ban

When you host a WordPress site, you should consider that you are pretty much opening a backdoor to your server.  It's not quite that simple, but, as one of the most widely used blogging and "CMS" platforms, it is a regular target for hackers, and when you consider the vast ecosystem of third-party plugins and themes (one of the main driving points of its popularity), hackers have a massive attack surface.  Because of this, it is important to do what you can to protect WordPress installations from exploit and abuse.  In this post I am not going to go over securing the code that runs on WordPress, but I am going to mention two things you can do using Fail2Ban to protect against unauthorized logins and abuse of xmlrpc.php.
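To make the two jails concrete, here is an added example (not code or configuration from the original post) that replays web-server access-log lines through the same sliding-window counting Fail2Ban does: a "wordpress-login" rule that counts POSTs to wp-login.php, and a "wordpress-xmlrpc" rule that counts POSTs to xmlrpc.php. The log lines are constructed, the jail names, maxretry and findtime values are assumptions, and so is the choice to count only HTTP 200 responses on wp-login.php (a failed login re-renders the form with 200, a successful one redirects with 302, so this keeps a user's own successful login from counting against their IP).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format. Not real traffic;
# the addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:00:01 -0500] "POST /wp-login.php HTTP/1.1" 200 3817 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:03 -0500] "POST /wp-login.php HTTP/1.1" 200 3817 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2015:10:00:05 -0500] "GET /2015/03/post/ HTTP/1.1" 200 11230 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:06 -0500] "POST /wp-login.php HTTP/1.1" 200 3817 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:08 -0500] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2015:10:01:00 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "-"
192.0.2.55 - - [10/Mar/2015:10:01:01 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "-"
192.0.2.55 - - [10/Mar/2015:10:01:02 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "-"
203.0.113.7 - - [10/Mar/2015:10:30:00 -0500] "POST /wp-login.php HTTP/1.1" 200 3817 "-" "Mozilla/5.0"
"""

# These regexes play the role of a fail2ban failregex. Assumed equivalent
# filter lines (jail names and thresholds are this example's choices):
#   [wordpress-login]  failregex = ^<HOST> .* "POST /wp-login\.php[^"]*" 200
#   [wordpress-xmlrpc] failregex = ^<HOST> .* "POST /xmlrpc\.php[^"]*"
#   jail.local: logpath = /var/log/apache2/access.log, maxretry = 3,
#               findtime = 600, bantime = 3600
# Requiring " 200 " on wp-login.php is an assumption: a failed login re-renders
# the form (200), a successful one redirects (302).
JAILS = {
    "wordpress-login": re.compile(
        r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php[^"]*" 200 '),
    "wordpress-xmlrpc": re.compile(
        r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /xmlrpc\.php[^"]*" '),
}


def parse_ts(raw):
    """Parse the Apache timestamp, e.g. 10/Mar/2015:10:00:01 -0500."""
    return datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z")


def scan(log_text, jails=JAILS, maxretry=3, findtime=600):
    """Replay log lines with fail2ban-style sliding-window counting.

    Returns {jail_name: {ip: timestamp_of_ban}} for every IP that produced
    `maxretry` matches within any `findtime`-second window.
    """
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)   # (jail, ip) -> timestamps of recent matches
    banned = defaultdict(dict)  # jail -> {ip: when the ban was triggered}
    for line in log_text.splitlines():
        for jail, rx in jails.items():
            m = rx.match(line)
            if not m:
                continue
            ip, ts = m.group("ip"), parse_ts(m.group("ts"))
            if ip in banned[jail]:
                continue  # already banned; the firewall would drop this request
            q = hits[(jail, ip)]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # forget matches older than findtime
            if len(q) >= maxretry:
                banned[jail][ip] = ts
    return {jail: dict(banned.get(jail, {})) for jail in jails}


if __name__ == "__main__":
    for jail, ips in scan(SAMPLE_LOG).items():
        for ip, when in ips.items():
            print(f"{jail}: ban {ip} at {when:%H:%M:%S}")
```

Run against the sample, 203.0.113.7 is banned by the login jail on its third 200 response at 10:00:06 (the 302 at 10:00:08 is ignored, and the hit at 10:30:00 falls outside the ten-minute window anyway), 192.0.2.55 is banned by the xmlrpc jail, and the visitor reading a post is never counted. Point the real jail's logpath at the access log that actually receives the wp-login.php and xmlrpc.php requests, and if your site legitimately uses XML-RPC (Jetpack, the mobile app) raise that jail's maxretry rather than banning on the first few posts.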


Short-cutting Fail2Ban 8.1

If you find yourself spending a lot of time working with or on web-facing servers, you have probably heard of or used this awesome little thing called fail2ban.  I am not going to get into what it is or what it does; if you have never heard of it, you should look into it, as it is a pretty helpful tool for protecting your web-connected machines.  I have been using it for some time on my AWS and personal boxes, and considered myself fairly adept at it up until the other day, when I discovered a few little tricks for slimming down my jail configurations considerably.


So, I got a very nice call from the Fraud Detection department working with Five County Credit Union yesterday. Turns out I was ordering playground equipment, and they didn't think that was like me…

Well, it isn’t, and it wasn’t!

That's pretty much the whole story: playground equipment, and some $1 bidding service. The only other odd bit was that the transactions were authorizations and didn't carry a value, so I got lucky.

Anyway, the card is flagged, closed, and I am getting a new one. Both transactions happened in the span of two days, and for the life of me I cannot figure out where the card would have left my sight recently. So I am guessing we are going to hear about another breach soon. Either that, or the number was leaked as part of the Hannaford or Target breaches over the past few years, and it was my card's turn to get used. Either way, all is right with the world.

I will say, though, I looked at the website, and it was some pretty awesome playground equipment. I wouldn't mind having a slide like that in my back yard…

I am very excited to be the new web host for Between the Sheets Photography, the boudoir arm of Thousand Words Photography, by Laila Valade.  She is a phenomenal photographer, and I am super excited to help and be a minor support in what she does.  Currently the site is simply an "Electronic Business Card" of sorts, but we will be working on getting a more full-fledged site up shortly.  You can find Laila on Facebook, at Between the Sheets Photography and Thousand Words Photography.  Cheers!