Dear Diary: Roll on Spring

Dear Diary,

I. am. knackered.

Dear fucking god, I am knackered. Someone at work had a family crisis this week and had to rush home. I was halfway through my shift, and they had only just started theirs. Guess who’s the only other person who can do their job? Uh-huh. I ended up doing my job, followed by their job. And I had to do that for three days. Believe me, trying to cram 16 hours of work into as close to a normal shift as possible is… well, impossible, but I managed something close to it. Now, though, I’m wiped, and consequently I’ve not been doing much in SL for most of this week; mainly logging in to clear inventory offers, check the store’s okay, and just sit on a couch and vegetate. I barely even shopped! How knackered am I? Well, I slept for nearly ten hours last night, and I almost never  do that. Anyway, hopefully my colleague will be back on Monday, so normal service etc should be resumed.

This is our beagle in SL. His name’s Smeagol the Beagol. (Daros named him. Can you tell? XD) I kinda know how Smeagol feels right about now:

As a result, there’s not much in the way of SL stuff to update you with in this post, but I’ve got a bit of blog stuff. First of all, since I’ve been both vegetating and  frazzled when I’m home, I’ve been reading a bit more and listening to more (if that’s possible) music. I thought it might be interesting to run a page wherein I document my current activities in that vein, so look in the sidebar for a new page, called Currently…

On that page, you will find my current: reading, listening, wearing (SL), making, and wishing. I doubt I’ll update it on a weekly basis, since I don’t read as much as I used to and it’ll take me more than a week to get through one book (I can read quickly, but with my 4am start for work I’m usually at the point of nodding off once I’m comfortable with a book in my hand) but I’ll keep the previous weeks’ lists at the end of each post so you can catch up if you miss any. I hope you can find some new music, or something interesting to read, from that list. You might be surprised by my first book choice, but don’t be. It’s a damned good one, and I read around a lot  of different subjects.

Now, back at the end of January, I was concerned about the number of spammers hitting the blog. You can read the post here – Spanking Your Meat – and what I did about it (including my alarm on, having installed some security plugins, seeing how many people were constantly trying to hack  the blog). I promised at the end of that post to update you on what I’d done, and show you what the stats were for February, after taking those security measures, so here’s that update.

First of all, I soon found out who the worst culprits were, country-wise, for both hacks and spam. You might be surprised at the spam locations, but probably not the hacks.

Hack attempts primarily came from: Ukraine, Belarus, Russian Federation, China. Oh, and rather weirdly… Henderson, USA.

Spam primarily came from: all of the above, plus France, Germany, and Kansas City. Yep, somewhere in the Mid States we have Spam Queen and Hacker Central.

Offending ISPs became clear over the month, as well. In Germany the prime ‘baddy’ was LeaseWeb. In France it was OVH. In Ukraine it was Kyivstar. I got to the point where I was hunting down entire IP blocks for those ISPs and banning them using the WordFence Advanced Blocking option, and in some cases, boy that really worked…

Let us begin in a surprising place: Minneapolis. Home of His Royal Princeness, but someone was trying to Purple Rain on my parade, because look at this:

Now… WHY would someone from Minneapolis be so interested  in all things ‘user’ and ‘admin’, huh? Could it be because of this?

Bet your fucking life it was. No way, Mr Comcast Business User at IP number 50-78-225-33; you’re not getting to my admin login panel after trying to sniff out a list of names of all users on the blog, nor are you hitting it with a packetstorm. Thanks to Wordfence and Bad Behaviour, he was stopped in his tracks.

Here’s just one IP block of the French OVH spammers:

More blocks. Wowrack is a server farm and is used by a lot of spammers. That ‘randomosity’ tag gets hit hundreds  of times a day. It’s one that I’ve used a lot, therefore it contains a lot of content (and a lot of images) which get sucked down by site scrapers, thereby increasing my bandwidth usage. The ‘suspicious suffixes’ IP was adding dodgy-looking code to the end of links it was trying to grab. And there’s another block of the good ol’ Leaseweb spammer IPs:

I also blocked the Russian Yandex search engine spider (hosted, oddly, in Palo Alto, US). Because YOW, that bitch doesn’t obey the robots.txt command I have to only crawl every few hundreds of seconds. Look at how many hits have been blocked!

More French OVH spammers:

Wordfence will also tell you who logged into and out of your blog (including yourself) and it logs failed attempts. Oh look, Kansas City and Henderson again! Oh, and OVH. *snerk*

Another load. Lots of confused Americans around here. These ones are trying the default ‘admin’ username.

The spam and hacks from Ukraine and China were getting so bad that I couldn’t keep up with it. Hunting down the hundreds of IP ranges for two countries (lists do exist on the interwebs, but each one is hundreds of ranges long, and I don’t have the time to copy/paste individually) was a nightmare, so in the end I forked out for the paid version of Wordfence, purely for two reasons:

  1. The plugin works and works well, thus I’m happy to support it
  2. The paid version lets you block entire countries from accessing your site

Yep, that’s what I had to do in the end. So, if you’re from China or the Ukraine, unless you’re using a tunnel or a TOR-like proxy, all that you’ll see when you try to access Virtual Bloke… is this page.

Finally, I promised you a screenshot of my Askimet spam filter results for February. It had halved since January, which is mainly a result of the security plugins, the .htaccess file and improved robots.txt files. It’s a work-in-progress, and you can see that March is already gearing up to be a bit of a bad month again. Now, though, the spam is coming mainly from the US, Germany, and France. I’m still working on this, so over the course of the upcoming months those totals should go down a bit more.

They did get one thing right in their failed attempt to hack, though:

So totally am ;-)