Adventure | hacking

Assassination: U.S. Payback For Russian Hacking?

Has the United States begun payback activities against Russia for their ambitious hacking attacks and roll in attempting to influence our presidential election in favor of Donald Trump?

Did The U.S. Covertly Orchestrate The Assentation Of The Russian Ambassador to Turkey?
During both the primaries and presidential election WikiLeaks released a seemingly never-ending series of emails allegedly gained through hacking of the DNC (Democratic National Committee) and the personal emails of John Podesta, Hillary Clinton’s 2016 presidential campaign Chairman. This email scandal has been well documented from many angles, but what has NOT been covered much to date is… What Is the United States going to do about aggressive foreign governments hacking into computer and data storage systems belonging to our U.S. government, business entities and citizens of the United States of America?

It is alleged by various government agencies, congress members, news agencies and others that the Russians are behind the hacking that furnished WikiLeaks with the email documents that were publically published; emails that exposed a great deal of sensational information that has proven to be damaging in many respects. My big questions are… did the Russians hack Hillary Clinton’s personal email server and thereby gain access to classified government information? Did the Russians distribute and/or secretively leak information to various terrorist groups? Was the classified information gleaned from Hillary Clinton’s illegal personal email server setup to bypass the secured government email servers responsible for the U.S. Benghazi Embassy attack?

So now what? What actions will the United States take as retribution? Perhaps the bigger question is… what will the U.S. do to prevent hacking, stealing of America’s secrets, the plundering of intellectual property, sabotaging the U.S. economy and infrastructure or permitting our enemies to pull-off a repeat performance whereby they interfere with our free elections and worse in the future?

My Opinion: Condensed Event Sequence Leading Up To The Russian Ambassador Killing
1. As Secretary of State Hillary Clinton sets up private email server bypassing secured gov system.
2. Hillary Clinton’s private email server and likely other devices she and support staff used are hacked by the Russians and up to four other countries.
3. The Russians and / or other countries sold, traded or gave highly classified documents to terrorists and / or potential enemies of the United States. 
4. These docs included info on U.S. embassies and more specifically, our counter terrorist operations being run out of the U.S. embassy in Benghazi.
5. This information outraged the terrorists in and around the Benghazi area.
6. Provoked and inspired terrorist using classified details of the Benghazi embassy operations docs gained through Russian hacking of Hillary Clinton’s email server planned and executed the attack on the Benghazi U.S. embassy.
7. To Russia with love… The U.S. begins Russian payback by covertly orchestrating the public assassination of the Russian ambassador to Turkey – an ambassador for an ambassador, Andrey G. Karlov in retaliation for John Christopher “Chris” Stevens.

Connect The Dots……
So why did so many people in the Obama administration, including the “extremely careless (negligent) Hillary Clinton”, lie to the American people about why the American embassy in Benghazi was attacked using a false narrative to blame it on a video? I offer you that the lie told was to cover-up of one of the worst security breaches, if not the worst ever, in the history of the United States of America… coordinated by the one and only former Secretary of State Hillary Clinton through her careless and reckless use of a personal email server setup for the express purpose of illegally bypassing America’s secure government communication systems.

Hillary, President Obama and other high ranking administration officials almost certainly knew Hillary’s email server was hacked before the Benghazi attack. Knowing how secretive much of the stolen documents were, they knew and could speculate how this information could and would likely be used by our enemies. I speculate that our government realized almost immediately that the Benghazi Embassy Attack was an indirect result of Hillary’s private email server being hacked and compromised.

This particular hack resulting in stolen information was way too damaging, too embarrassing and too shameful for the truth to be made public. After all, it would have ruined Hillary’s career and any chance of her making a run for president were it to become known and of public knowledge. More importantly for the Obama administration, it would greatly tarnish President Obama’s legacy. How would such a negligent security breach affect America’s reputation and standing in the world? How would it look to Americans if they were to find out the truth about how negligent Hillary actually was and the fact that those responsible for overseeing the Secretary of State turned a blind eye. Nobody enforced the strict operational policies, procedures and rules when it came to protecting America’s secrets. Respect, what respect? So many at the top level of the U.S. government, including President Obama, not only knew the video was not the cause of the Benghazi embassy attack but also knew it was more likely connected to the hacking of Hillary’s private server.

U.S. Involvement In Russian Ambassador’s Assassination?
Now lets return to focus on the assassination of the Russian ambassador to Turkey. Interestingly and so telling, as of the time of this post I have not come across news reports that confirm any terrorist group, not ISIS, not Al Qaeda or any other terrorist entity has officially claimed responsibility for the Russian ambassador’s assassination. History indicates that terrorist groups seem to all share something in common, they are proud of their attack successes whether it be against those they deem to be guilty or innocent, Muslims or Infidels, it doesn’t matter to them.

Is the United States responsible?

America may have a lot of “an eye for an eye” and “a tooth for a tooth” retaliation to get around to… but, it is my opinion the United States government should start by punishing the one person responsible for related deplorable acts of treason – Hillary Clinton.

Continue Reading

WordPress: How To Stop Hacker & Creepy Crawler Spam Attacks

Block Hacker & Spammer Attacks

Recently I discovered how to setup an enhanced Real-Time hacker and spammer security solution, and it’s totally Free. It creates a “trap” for malicious hackers, spiders, bots and crawlers.

If you want to take a huge byte out of resource robbing creepy crawler spam bots and human hackers alike, this article will provide easy instructions about how you can setup this security trap to guard against attackers on any WordPress site.

See Real-Time blocking in action… It really works!

Did You Know?

These monsters are responsible for a huge number of attacks on your site as well as mass Spam User Registrations!

    What It Can Do

  • Block and lockout malicious crawlers, hackers and bots.
  • Prevent auto bots from posting comments if you require registration.
  • Stop automated bots from making posts.
  • Block / Lockout malicious human attackers and hackers.
  • Prevent re-registration of deleted spam users.
  • …and much more!

Effective Security Against IP Rotation Spoofing And Forging

While nothing can stop, block or lockout 100% of hackers and spammers, this security combo trap is able to lock-out a large percentage of creeps and humans having bad intent. Even those who are using rotating IP’s, spoofed IP’s and even visitors using forged IP addresses. The IP is not locked out permanently but long enough for most hacksters and spam-misters to give up and move-on to another potential victim.

I’m not trying to sell or peddle anything here. This trap is a combined solution I put together that helped me immensely so I thought I would share it with others. It immediately started blocking malicious spiders, crawlers, potential hackers, locked-out deleted spam users and bad bots before they could do damage, login and/or re-register.

The Epidemic

Even if you just have one WordPress website, sooner rather than later, your site will become prey for countless human hackers and the never ending streaming plague of spamming hacking crawling spider bots; the scourge of the web.

You see, whether or not you have registration and/or comments shut down the creepy crawler spam bots continue their spider-like activity of trying to hack, register, leave comments, do trackbacks and crawl your site, page after page, at lightning speed looking for vulnerable URL’s and user names to exploit. If they only find one user name they assume it belongs to the administrator or a high level user of the site and then use it for an attempted log-in with the belief that if successful they can carry out their missions unobstructed. Otherwise they will try the username “admin” and any number of user names associated with content found on your site. If you have this trap setup properly then that malicious crawler or human will immediately get blocked. Legitimate crawlers and bots are never programmed to do this.

Crawler-bots can and will automatically register many thousands of users. Then they visit often dropping spam comments and posting poorly written spun content until they overload and break your site.

Unless you have a more powerful than average hosting plan it is likely they are already slowing down your site by stealing valuable server resources of bandwidth, CPU, ram memory and the number of concurrent connections your hosting account can support.

These bots can cause abnormally high page load times and trigger temporary denial of service to legitimate visitors.

Unfortunately, no single solution seems to work very well and enterprise level solutions are expensive, making them prohibitive for the vast majority of owner-webmasters.

Invisible and Silent Criminals

One of the problems we face when trying to stop this plague of humans and bots is we don’t see them coming and we don’t know who they are before or after the damage is already done.

However, with the right type of security plugins we can identify a small number of them before and a much larger number after. But this really falls short and takes a lot of hands-on personal time on our part to monitor, analyze and manage these free security solutions in helping to stop these criminals.

Unfortunately most of our efforts will only guard against possible future visits after the initial damage is already done. We become forever trapped in a cycle of personal time wasting involvement if we are to guard against future bots and human attackers.

The Admin Trap

Let’s set an automatic trap that catches a large number of both humans and bots in the act… before they do their damage!

This particular trap is based on the premise that most ill intentioned humans and crawlers test for the ‘admin’ user. Most wicked human spammer-hackers just can’t resist doing this and it seems that the majority of nasty crawlers are programmed for it. These crawlers are also responsible for bulk spam registrations and automated spam bot user log-ins. So when you block and kill a spider you also block a bunch of future spam registrations.

Using free WordPress security software plugins and painstaking observation I learned that attempting to login as administrator is one of their fist malicious activities when landing on a website. Almost all will try to login to WordPress sites as the administrator user, which by default installs the user “admin” and/or using the administrator’s “nickname”.

We can catch and stop a large number of these malicious visitors before they do damage by capturing and using their IP address against them using some specific security action rules found I found in the Wordfence Security plugin for WordPress combined with changing the name of the WordPress default administrator user. Then I made sure to give the new administrator user a nickname. A recommended security practice is to make sure all users create and use public nicknames rather than their actual user names.

Steps To Set-Up The ‘Admin’ Security Trap

    Step 1

  • Install the free or pro version of the Wordfence Security plugin.
    • Go to Wordfence options. Most of the best action options are pre-selected by default but you must manually select several additional optional actions as part of creating the “Admin Trap”.
    • You might want to turn-off automatic scanning because it can frequently use a lot of server resources while in action.
    • Adjust the “Firewall Rules” as you feel is best for your site.
    • Under “Login Security Options”
      1. 1. Make sure you limit login attempts. I am using 3 login failures and 2 password recovery attempts.
        2. I am counting failures over 30 minutes because I want as many as possible deleted spammers and creepy bot users to get locked out next time the crawler or human spammer comes back.
        3. IMPORTANT: Select a long lockout period. I am using the max of 60 days.
        4. IMPORTANT: Put a check in the box for “Immediately lock out invalid usernames”.

      **Note: Items 3 and 4 above are critical to creating the trap.

    Step 2

  • Change (rename) the admin user to whatever works for you. To make it easy to remember I just added a couple of initials to the original admin name. Caution, do not change the password at the same time. The administrator username “admin” is located in the WordPress “wp_users” database table for your specific site. You can easily access and edit it directly using, “phpMyAdmin”. This database administration tool is found in most hosting account management panels.
  • Alternately you can install a “Rename Admin” plugin to accomplish the task. I have used both methods. After the change you can delete the plugin if desired. The recent plugin I used for this had not been tested with WordPress 4.0 but it worked just fine.
  • Important!… log into your WP admin area as administrator using your new administrator username. Go to “Your Profile”. Give yourself a public nickname (alias or pen name) that is different than your new admin user name. This is part of the sucker trap. When any user tries using the nickname to login they will instantly get blocked and locked-out.

From this moment on when the hackers and spammers, humans and bots, visit your site(s) this security software configuration will catch, stop and automatically block them for relatively long periods of time.

One Last Security Tip

So immediately prune / delete your spam and zombie users (users without approved posts or comments) as well as spam comment users. Also, optionally close user registrations and/or comments. Spammers and auto bot registered users generally don’t use or have nicknames associated with their profile. Many of them also have impractical to use or remember email address.

With this security trap you can not only stop, block and deter crawlers from future crawls and logins, you can also stop, block and deter returning human spammers also. It works because anyone trying to login using a non-existent user name automatically gets blocked and locked out based on their IP address, meaning they cannot even re-register for up to 60 days – long enough that they may go pick on some other website and scratch yours off their list.

Now you have it – “The Hacker Spammer Admin Trap”.

Need an extra payroll day?

Continue Reading