Monthly Archives: June 2013

Downhill Mountain Biker Versus Peregrine Falcon

Red Bull have built their brand in recent years on the back of sponsoring elite level and extreme sports, whether it is the Red Bull Air Race or the more recent events like Red Bull Stratos where Felix Baumgartner skydived from the 128100 feet and broke the sound barrier on the way back down or the Formula 1!

The video below shows a Red Bull sponsored downhill mountain biking champion racing a peregrine falcon, which happens to be the fastest bird of prey on the planet, down a mountain bike course while the peregrine is swooping and bomb diving him on the cyclists descent attempting to retrieve a bright yellow package from his back.

I love the amazing camera work, it really highlights just how fast and amazingly agile the peregrine falcon is in the wild. Now imagine how the prey must feel when a peregrine bomb dives them at over 320kph and the fastest ever recorded speed was 389kph!

Hacked

Friday night, while browsing through an old article on my blog I stumbled onto a post that had a strange formatting issue.

This isn’t the first time I’ve noticed formatting issues on my blog, back in 2009 I had an issue with strange characters showing up. After investigating that particular problem, it ended up being a character encoding issue with MySQL. I fixed the character encoding issue, edited all of the posts that had the strange characters in them and the problem didn’t reappear.

What I noticed on Friday night was a little different, it looked as if I had mistakenly pressed <enter> half way through a paragraph. Initially I thought it might have just slipped through the cracks while writing or editing an old post, I fixed the issue and moved right along.

Half an hour later I ran into another post with the same sort of problem, very odd. This time when I went to edit the post, I switched from the WYSIWYG editor into the text editor and low and behold, I found something like the following within the post:

<div style="display: none"><a href='http://buy-cialisshop.com/' title='buy cheap generic cialis online'>buy cheap generic cialis online</a></div>

At which point I realised that my blog had been hacked. Once the hackers got in, they edited old blog posts, inserted links off to their favourite cheap pharmaceutical websites and moved onto the next website to hack trying to boost the rankings of their low quality, crap websites in Google search.

How To Fix A Hacked WordPress Website

My first plan of attack was to understand how broad the problem was throughout my blog. I obviously couldn’t go through all of my blog posts manually, as I’ve got literally hundreds of published items over the years.

To expedite that part of the process, I used a website analyser by Microsoft named IIS7 SEO Toolkit. It can crawl a website, a lot like how Google crawls the entire internet, just on a much smaller scale. Once it finishes crawling through hundreds of pages, it then analyses all the pages and provides a reporting interface that made it easy to identify all of the websites I’ve linked to over the years, including the newly inserted irrelevant spam links. I worked through that list manually, and then edited each relevant blog post to remove the spam links.

Next up I reviewed what users existed within WordPress. When you install WordPress for the first time, it will create an administrator named ‘admin’ by default or a name of your choosing. I don’t recall why but I let it create the default ‘admin’ user and I subsequently created an additional account for myself. The default admin user has a randomly generated password, so I don’t think it was the cause of the hacking but the account was removed anyway as it isn’t needed.

I suspect that the hackers got into my blog using a brute force attack. In these scenarios the attacker will attempt to login thousands of different times using a known set of passwords, often starting with dictionary words. This was an obvious problem for my site, as I was using a dictionary word for a password; I should and do know better. I’ve updated my account password to a unique, long, randomly generated one with every type of character under the sun in an attempt to avoid this happening in the future.

Not knowing for sure how the hackers breached my WordPress website, it is possible that they have edited the physical WordPress files on the web server since they may have known my account password. Just to be sure, I downloaded a fresh copy of WordPress and re-installed it to remove any possibility that they hackers had a backdoor into the site for future reference.

Like most WordPress website owners, I utilise plugins from around the internet to augment the default behaviour of WordPress. There is nothing inherently wrong with installing plugins, however the quality of the software varies plugin to plugin, as does their attention to security details. As such, each time a plugin is installed – there is an increase, albeit small, that the plugin might have some sort of security exploit within it that could potentially allow a hacker to get into a website. To reduce the likelihood of that happening, all of the plugins that are installed but not active have been deleted from the server.

To help monitor my website on an ongoing basis moving forward, I have setup a series of Google Alerts which will notify me via email/RSS if they find certain keywords within the content on my blog such as viagra, cialis, porn, poker and so forth.

In the next week or so I am going to review a bunch of different WordPress security focused plugins  and best practices as well, see what other security improvements I can make to my blog so this doesn’t happen again in the future.

Frustrating.

Coffee Table

I have an idea for a coffee table that I’d never ever get bored with.

In the video above they are using different frequencies to vibrate the metal, which causes the sand to move into an amazing collection of different patterns as the frequency changes.

I’m imagining a glass topped coffee table with a layer of sand underneath and something to switch between the different frequencies. The sand art would be constantly changing forms, morphing from one shape into another. One small problem with it is that it’d require a power lead or battery to operate, but something that you could work around for having a spectacular kinetic art installation in your living room.

30 Day Challenge: No Chocolate

Shaved ChocolateAs the next 30 day challenge, I’m going to go the entire month of June without chocolate.

Following on from keeping track of what I eat over the course of an average week, which is what motivated me to cut down on my milk intake, it became clear that chocolate was another clear contributor to a poor diet.

Like most people, I like chocolate. Unlike most people, I treat chocolate as a food group and I’ve long realised I can’t be trusted around it.

Semi-regularly I used to buy a family block of chocolate from Woolworths when they were on special and demolish the majority of it in a single hit, maybe while watching a movie. In more recent times, I’ve stopped buying blocks of chocolate since they don’t last but every once in a while – one finds its way into the fridge. My chocolate habit doesn’t stop with blocks of chocolate though, it extends into anything with chocolate involved like chocolate chip cookies, Snickers, Crunchie and Cherry Ripe chocolate bars or chocolate coated sultanas.

The goal for the month is to basically ween myself off chocolate, with an end game of being able to eat it in moderation moving forward as a treat and less so as a food group.

Wish me luck, I think I’m going to need it!