4 security links: Why you better secure your blog
Hackers are trying to break into my blog. I know this because months ago, I heeded the advice of other bloggers and boosted my security measures. That included installing the “Limit Login Attempts” plugin. Within days, I started getting WordPress notices when someone was locked out of my blog. I’m the only authorized user.
Since then, I get one or two WordPress alerts every week. Yeah, I was surprised, too. But this is a story about a small success.
Last week, I checked the logs and noticed that the same IP address had been locked out 64 times. I checked and found it came back to a site hosted by Amazon Web Services. I e-mailed their abuse address. They asked for a little more information; a few days later, I got a nice reply.
We have completed an initial investigation of the issue and learned that the activity you noticed did indeed originate from an Amazon EC2 instance. These intrusion attempts that you report were not, however, initiated by Amazon…
That said, we do take reports of unauthorized network activity from our environment very seriously. It is specifically forbidden in our terms of use. We’ve already contacted the Amazon EC2 customer who controlled the instance in question and informed them that they are required to terminate their unauthorized interaction with your network, failing which we will terminate their instance. In cases of egregious abuse or as we otherwise deem appropriate, we will immediately terminate all their instances and suspend their account.
That made me happy.
The lesson here: If you haven’t already secured your blog, do it. I’m not going to go into detail about what I’ve done, but I’ve included links to some of the sites I consulted. Alas, since I’m using WordPress, I’m not sure what the best resources would be for you users of TypePad, Movable Type, Blogger, Drupal….whatever.
And I’m not naive enough to think that my blog is impervious to a determined hacker. Consider this my “knock on wood.” Here’s the links.
10 Tips To Make WordPress Hack-Proof. The Ultimate Guide
guvnr.com | February 24, 2009
This is a must-read for keeping your blog safe, especially if you’re blogging in WordPress. I followed this one almost point-by-point. Complete with videos.
10 Steps To Protect The Admin Area In WordPress
Smashing Magazine | January 26, 2009
Once again, a must-read, but this one is also for WordPress users only. Some of it is a little technical, so you have to be comfy getting under the hood of your installation.
Blog Security – Tips on Keeping Your Blog from being Hacked
ProBlogger | September 7, 2006
ProBlogger is always good. This one is pretty straightforward and doesn’t have a lot of “wow, didn’t think of that” advice, but it’s worth a look.
How I’d Hack Your Weak Passwords
One Man’s Blog | March 26, 2007
Good advice on figuring out a password that works for you, and not the hackers.
Interesting stuff I saw online, Aug. 12 to Aug. 14
Here’s some of the stuff I thought was interesting while stomping through the Internet from Aug. 12 through Aug. 14:
- Video: Social Media Revolution – Great video, lots of stats about the boom in social media growth. Thanks @stevebuttry
- Employers Are Freaking Out About Twitter and Facebook, Study Shows – Fascinating Citizen Media Law Project post includes hysterical example of dumb employee, Facebook and her boss.
- The 7 Deadly Sins of Blogging – "The same problems come up again and again, keeping bloggers from building a real audience for what they have to say. So how about you? Do you commit one of these seven deadly sins with your content?"
- News numeracy: online tools for reporting numbers – Journalism.co.uk: "Following on from Steve Harrison’s excellent two-part guide on news numeracy, ‘How to: get to grips with numbers as a journalist’, here’s a round-up of some of the best online tools and sites for journalists when reporting figures and stats."
Interesting stuff I saw online, Jun. 1 to Jun. 8
Here’s some of the stuff I thought was interesting while stomping through the Internet from Jun. 1 through Jun. 8:
- Boston Police Would Tweet A Zombie Attack | NewsTechZilla – "I love things like this; when an organization or company I assume is otherwise faceless is able to properly use social media (by, gasp, being social), it always kind of makes me happy."
- ConvoTrack – Loads comments from Twitter, digg, etc. on any page – "This simple bookmarklet will load comments from Twitter, FriendFeed, Digg, Reddit, HackerNews and any blog mentioning the article and will load it in a handy sidebar."
- 50 Great Examples of Data Visualization – "Below are 50 of the best data visualizations and tools for creating your own visualizations out there, covering everything from Digg activity to network connectivity to what’s currently happening on Twitter."
- Is this useful? An account of how I started blogging and how it changed my journalism – "Pete told me this was known as “crowd-sourcing” and had a wide range of potential applications for newspapers. I can not stress enough how helpful it was to have someone that I could call to have coffee with and pick their brains on how the web “worked”. I started to look at journalism in a new way through Pete’s explanations of blogging."
Interesting stuff I saw online, Mar. 30 to Apr. 20
Here’s some of the stuff I thought was interesting while stomping through the Internet from Mar. 30 through Apr. 20:
- Chicago Tribune: Newspapers try to maintain civil, intelligent conversations with readers – News organizations increasingly are trying to figure out how to maintain conversations with readers while keeping the discourse civil and thoughtful. The reality is, love it or not, if readers aren't allowed to chat on your Web site, they'll simply go somewhere else to do it.
- Listening to the Dot-Comments – washingtonpost.com – Doug Feaver, "writing in defense of the anonymous, unmoderated, often appallingly inaccurate, sometimes profane, frequently off point and occasionally racist reader comments that washingtonpost.com allows to be published at the end of articles and blogs." It's a wonderful column.
- Leading your staff into the Twitterverse « Transforming the Gaz – Steve Buttry's beginner's list for journo-Twitterers: "This is the tip sheet I will suggest that editors read after the seminar. While this is geared for top newsroom leaders, some of the advice should be helpful to any journalists who are not experienced with Twitter."
- 10,000 Words' Landmark moments in citizen journalism – 10,000 Words: "Depending on whom you ask, citizen journalism is either pushing journalism forward or is unaccountable vigilantism. Either way, it is shaping the way we consume our news….The following is a timeline of events in which ordinary citizens shaped the news, followed by an analog description of each landmark moment."
Interesting stuff I saw online, Mar. 24 to Mar. 30
Here’s some of the stuff I thought was interesting while stomping through the Internet from Mar. 24 through Mar. 30:
- Newspapers Fail To Harness Readers' Social Power – MarketingVOX – From Gartner Group: "In the face of declining circulations, falling offline and online revenue, and competition from digital sources, newspapers have not taken adequate steps to integrate social media tools into their content management 'ecosystem,' the report said, adding that the most important task for newspapers now is to prioritize the integration of social media into a current or future content management system."
- Top 20 Ways to Share a Great Blog Post – Mashable: "Luckily, there’s no shortage of ways to spread the word. Blogs, social networks, instant messenger, and mobile phones are some of the many ways to let others know about the best content on the web."
- Using Social Media to Reach Young Readers – Nieman reports: "We also realized that her story would be of great interest to the community and her college-aged peers in particular, most of whom don’t read the daily newspaper. So we had to find different ways of reporting and bringing the story to them."
- Newspapers: 5 Ways to Avoid Extinction – "Following these five business practices may not solve all the problems. Each newspaper has its own personality, formed by the relationship between its journalists and readers, and governed by forces that extend beyond the marketplace. It’s up to each publisher to consider the options and make decisions. Doing nothing is not an option."
Kurt's Tweets- Funny. SW airlines magazine bothers to mention that pacemakers are always authorized electronic devices. #fb
- A disgrace, St. Louis. People still litter? http://post.ly/OUsk
- Redemption for Lindsey Jacobellis in snowboardcross? Only click if you really wanna know. http://bit.ly/99OgbM
- West Countians: If you're in the market for a pancake supper tonight, there's one here: http://stmartinschurch.org.
- The fiddling continues, even as Rome burns.