Adventure | DIY

WordPress: How To Stop Hacker & Creepy Crawler Spam Attacks

Block Hacker & Spammer Attacks

Recently I discovered how to setup an enhanced Real-Time hacker and spammer security solution, and it’s totally Free. It creates a “trap” for malicious hackers, spiders, bots and crawlers.

If you want to take a huge byte out of resource robbing creepy crawler spam bots and human hackers alike, this article will provide easy instructions about how you can setup this security trap to guard against attackers on any WordPress site.

See Real-Time blocking in action… It really works!

Did You Know?

These monsters are responsible for a huge number of attacks on your site as well as mass Spam User Registrations!

    What It Can Do

  • Block and lockout malicious crawlers, hackers and bots.
  • Prevent auto bots from posting comments if you require registration.
  • Stop automated bots from making posts.
  • Block / Lockout malicious human attackers and hackers.
  • Prevent re-registration of deleted spam users.
  • …and much more!

Effective Security Against IP Rotation Spoofing And Forging

While nothing can stop, block or lockout 100% of hackers and spammers, this security combo trap is able to lock-out a large percentage of creeps and humans having bad intent. Even those who are using rotating IP’s, spoofed IP’s and even visitors using forged IP addresses. The IP is not locked out permanently but long enough for most hacksters and spam-misters to give up and move-on to another potential victim.

I’m not trying to sell or peddle anything here. This trap is a combined solution I put together that helped me immensely so I thought I would share it with others. It immediately started blocking malicious spiders, crawlers, potential hackers, locked-out deleted spam users and bad bots before they could do damage, login and/or re-register.

The Epidemic

Even if you just have one WordPress website, sooner rather than later, your site will become prey for countless human hackers and the never ending streaming plague of spamming hacking crawling spider bots; the scourge of the web.

You see, whether or not you have registration and/or comments shut down the creepy crawler spam bots continue their spider-like activity of trying to hack, register, leave comments, do trackbacks and crawl your site, page after page, at lightning speed looking for vulnerable URL’s and user names to exploit. If they only find one user name they assume it belongs to the administrator or a high level user of the site and then use it for an attempted log-in with the belief that if successful they can carry out their missions unobstructed. Otherwise they will try the username “admin” and any number of user names associated with content found on your site. If you have this trap setup properly then that malicious crawler or human will immediately get blocked. Legitimate crawlers and bots are never programmed to do this.

Crawler-bots can and will automatically register many thousands of users. Then they visit often dropping spam comments and posting poorly written spun content until they overload and break your site.

Unless you have a more powerful than average hosting plan it is likely they are already slowing down your site by stealing valuable server resources of bandwidth, CPU, ram memory and the number of concurrent connections your hosting account can support.

These bots can cause abnormally high page load times and trigger temporary denial of service to legitimate visitors.

Unfortunately, no single solution seems to work very well and enterprise level solutions are expensive, making them prohibitive for the vast majority of owner-webmasters.

Invisible and Silent Criminals

One of the problems we face when trying to stop this plague of humans and bots is we don’t see them coming and we don’t know who they are before or after the damage is already done.

However, with the right type of security plugins we can identify a small number of them before and a much larger number after. But this really falls short and takes a lot of hands-on personal time on our part to monitor, analyze and manage these free security solutions in helping to stop these criminals.

Unfortunately most of our efforts will only guard against possible future visits after the initial damage is already done. We become forever trapped in a cycle of personal time wasting involvement if we are to guard against future bots and human attackers.

The Admin Trap

Let’s set an automatic trap that catches a large number of both humans and bots in the act… before they do their damage!

This particular trap is based on the premise that most ill intentioned humans and crawlers test for the ‘admin’ user. Most wicked human spammer-hackers just can’t resist doing this and it seems that the majority of nasty crawlers are programmed for it. These crawlers are also responsible for bulk spam registrations and automated spam bot user log-ins. So when you block and kill a spider you also block a bunch of future spam registrations.

Using free WordPress security software plugins and painstaking observation I learned that attempting to login as administrator is one of their fist malicious activities when landing on a website. Almost all will try to login to WordPress sites as the administrator user, which by default installs the user “admin” and/or using the administrator’s “nickname”.

We can catch and stop a large number of these malicious visitors before they do damage by capturing and using their IP address against them using some specific security action rules found I found in the Wordfence Security plugin for WordPress combined with changing the name of the WordPress default administrator user. Then I made sure to give the new administrator user a nickname. A recommended security practice is to make sure all users create and use public nicknames rather than their actual user names.

Steps To Set-Up The ‘Admin’ Security Trap

    Step 1

  • Install the free or pro version of the Wordfence Security plugin.
    • Go to Wordfence options. Most of the best action options are pre-selected by default but you must manually select several additional optional actions as part of creating the “Admin Trap”.
    • You might want to turn-off automatic scanning because it can frequently use a lot of server resources while in action.
    • Adjust the “Firewall Rules” as you feel is best for your site.
    • Under “Login Security Options”
      1. 1. Make sure you limit login attempts. I am using 3 login failures and 2 password recovery attempts.
        2. I am counting failures over 30 minutes because I want as many as possible deleted spammers and creepy bot users to get locked out next time the crawler or human spammer comes back.
        3. IMPORTANT: Select a long lockout period. I am using the max of 60 days.
        4. IMPORTANT: Put a check in the box for “Immediately lock out invalid usernames”.

      **Note: Items 3 and 4 above are critical to creating the trap.

    Step 2

  • Change (rename) the admin user to whatever works for you. To make it easy to remember I just added a couple of initials to the original admin name. Caution, do not change the password at the same time. The administrator username “admin” is located in the WordPress “wp_users” database table for your specific site. You can easily access and edit it directly using, “phpMyAdmin”. This database administration tool is found in most hosting account management panels.
  • Alternately you can install a “Rename Admin” plugin to accomplish the task. I have used both methods. After the change you can delete the plugin if desired. The recent plugin I used for this had not been tested with WordPress 4.0 but it worked just fine.
  • Important!… log into your WP admin area as administrator using your new administrator username. Go to “Your Profile”. Give yourself a public nickname (alias or pen name) that is different than your new admin user name. This is part of the sucker trap. When any user tries using the nickname to login they will instantly get blocked and locked-out.

From this moment on when the hackers and spammers, humans and bots, visit your site(s) this security software configuration will catch, stop and automatically block them for relatively long periods of time.

One Last Security Tip

So immediately prune / delete your spam and zombie users (users without approved posts or comments) as well as spam comment users. Also, optionally close user registrations and/or comments. Spammers and auto bot registered users generally don’t use or have nicknames associated with their profile. Many of them also have impractical to use or remember email address.

With this security trap you can not only stop, block and deter crawlers from future crawls and logins, you can also stop, block and deter returning human spammers also. It works because anyone trying to login using a non-existent user name automatically gets blocked and locked out based on their IP address, meaning they cannot even re-register for up to 60 days – long enough that they may go pick on some other website and scratch yours off their list.

Now you have it – “The Hacker Spammer Admin Trap”.

Need an extra payroll day?

Continue Reading

DIY Fix & Repair For Car Doors That Will Not Close

You are out and about and your car door suddenly won’t close and stay shut. Or perhaps your car is just parked under your carport in your driveway and as you prepare to leave for a short trip. You open a back passenger car door to load in the kids. Surprise, your car door will not stay closed. What are you going to do?

You should find the following information on how to fix car doors helpful for the majority of cars, trucks and vehicles.

If your car door will not stay shut CALL the National Highway Traffic Safety Administration (NHTSA) @ 1-888-327-4236 to file a complaint! OR
File A Complaint Online!

Repairing A Car Door That Will Not Latch Closed

Many older car models have what I would describe as less complicated strictly mechanical door latching mechanisms that are not so technically and electronically integrated into the car’s computer and other system features. Compared to most of the newer car models these older vehicles are much easier to fix and often the repair is very simple. Older cars are the holly grill for the do it yourself car door repair. Unfortunately these easy to fix vintage cars are disappearing from the road at an alarming rate.

If you own a newer make and model vehicle you are most likely out-of-luck when it comes to an easy do-it-yourself fix. Most newer cars have electronically activated door latching and locking mechanisms that are intricately integrated with the vehicle’s electrical system and computer. These include a host of convenient bells and whistles.

Electrically activated door locks, in-motion automatic door locking triggers, on dash door ajar warnings, overhead dome and dashboard lights are common accessories on most vehicles today. All are combined and/or dependent on your vehicles door latch working correctly. These convenient and safety accessories complicate the diagnosis and repair of vehicle doors that will not stay closed. Hardly a novice DIY job!

Options For Fixing Vehicle Doors That Will Not Latch Shut And Stay Closed

The repair options below will cover the majority of situations where vehicle door latches are not working.

    3 Kinds Of Car Door Latch Repairs

  • Option 1: Rotate The Door Latch Back Into Correct Position. This should be your first go to choice for repairing a car, truck or vehicle door latch of any kind, make or model. It is simple, straight forward, and also serves as a general diagnostic test. All you need is a small diameter stiff rod or bar of some kind to complete this repair or test the latch to determine if it is actually broken internally or just stuck in the incorrect rotational position. Almost any screwdriver works well for this type of fix but a stick, a pen, or similar object will often do it too.

    Swing the door open and take a very close look at the actual latch opening on the edge door itself, NOT the door jam. This is where the rotational portion of the hook-shaped latch is located on most doors. When the door is open the correct position for the hook is open so that it will accept the latch bar located on the door jam into the hook and then rotate closed when you close the door.

    If you find the latch in the closed position do the following. While lifting the door handle, as if you are opening the door, rotate the latch back to the open position. This will fix a car door latch that has rotationally malfunctioned. Note: This is the only simple and easy method to fix a car door that will not stay closed that I know of. If anyone knows of any other method(s) please comment on this post.

    The broken door latch test. Using your tool of choice and without lifting the door handle check to see if the hook-shaped latch will rotate freely to the open and closed positions. If it rotates freely then the latch is almost certainly broken internally and will require a fairly major repair effort to replace a broken car door latch. On most vehicles you will likely need to remove the door panel to even get to the latching mechanism. Warning: door panels can be very difficult to remove and put back on without doing visible damage.

  • Option 2: Temporary Car Door Fix
  • Obviously a car door that will not stay shut is dangerous and represents a liability as well as a safety concern. Until you can get your vehicle to the shop or while your are waiting til you can afford the repair your vehicle should not be driven around with a car door freely swinging open and closed. The temporary solution is to tie, strap or bungee the door closed. You must draw the door very tight replicating a normally closed door or your door ajar warning system, the dome and dash lights, and the annoying warning noise maker will remain on and active; potentially draining your car’s battery. I suggest using ratcheting tie down straps with hook ends to draw your door or doors closed. You can purchase them cheaply, around $11 for a set of 2, at most Walmart stores in the automotive department. I have seen them priced at around $20 for just a single strap in hardware and automotive stores. These will enable you to easily draw most doors tight enough to trick your car into thinking the door is closed properly.

  • Option 3: Replace or Repair The Door Latching Mechanism

    As mentioned previously, most door panels are difficult to remove without doing cosmetic damage to the panel, breaking panel door fasteners, and quite possibly damaging some inner door parts or electronics. With the cost of this repair (parts and labor) hovering around $300 and up it is understandable why you would want to consider it as a DIY car door repair job.

    Being formerly employed in a repair services industry I have encountered many DIY repairs where do-it-yourselfers were unable to complete the repair, did damage, and in some cases the damage they caused could not be repaired properly short of replacement.

    If your vehicle has any of the above mentioned car door accessories my sincere suggestion and best advice is that you take your car to an authorized service dealer that corresponds with your vehicle’s make and model where they have the correct parts, tools, expertise, and technical instruction manuals to correctly repair your broken car door.

Continue Reading