Security Updates

I really want to take this opportunity to thank Shaun for his hard, dedicated work on the recent issues that have plagued the blog as of late.

As users know, I had been the only one dealing with the blog and no plugins except for a few recommended ones I found and installed based on recommendation.

Last time I had an influx of spam, I had turned off registration because that was the only thing I could find to do.

I’ve tried installing reCAPTCHA on MENVI’s web site on its forms and was never successful.

I really like the idea of what version 3 has to offer, leaving users alone unless there is a very valid reason for it to do so. That is why I tried to implement it there, and was never successful. I read the documentation, and never got it to work.

Thank you Shaun for your dedication, and I hope to continue to have you as much as I can for what time you can give. You’re very valuable and I think the blog should see this.

Thanks for reading, and enjoy your day!

Security Updates was released on July 28, 2020 at 11:00 am by tech in General commentary.
Last modified: July 28, 2020.

  1. Comment by crashmaster date 28 July 2020 at 12:15,

    Hi Jared, and thanks for the down time.
    I have used literally the entire 2 days I have had available on this.
    Initially I was concerned I was killing the wrong users but decided after I couldn’t find a good automatic plugin to just wipe everything in the database which I didn’t know about and that wasn’t an admin.
    The logical captcha did its job but as I mentioned to Jared I never have a good grasp of math.
    I can do semi basic times tables reasonably well if I think about it.
    I can do simple add and subtract reasonably quickly but anything else and it’s beyond me so I needed to keep the logicals quite simple.
    That wasn’t because of spam as such it all started near the beginning of this year in fact while in lockdown when I decided to add extra features.
    Multiple emails so I could actually see what Jared saw with admin notices.
    Custom pages and 404 custom error pages to expand the error messages.
    Automatic accessibility tools should I the admin need them for whatever reason.
    And finally php and health diagnostic plugins, for the times I need to troubleshoot.
    For a while I have depended on zero spam but with jetpack the main wordpress interface we use here making available core web functionalities from its servers for basically nothing bar a few things, I decided to do something about it.
    Especially now with the ssl domain, really simple ssl cert configurator and the like, I decided to just wing it.
    Akismet was never on the cards for me to handle but when jetpack decided to just natively support it early in the year I decided to just wing it.
    Initially I had 0 spam on but something turned it off and I suspected it was conflicting so got rid of it.
    2 days ago well I guess 3 now, a large influx of registrations from users started happening a lot.
    At first I let it go, but by the second day when it hasn’t let up I decided to handle it.
    Firstly I decided to install a plugin to have only humans approve registrations.
    This worked in well not having users appear in my email box, but they still appeared.
    I then tried to increase spam protection with honey pot captchas on top of my captchas plus a few extras like this and it didn’t even faze the bots.
    Finally I decided to uninstall everything including logic captcha, yes it could have been more complex but I’d have to pay to get word captcha and besides maths is my weakest link.
    I tried to have a confirmation plugin for login but I mustn’t have been doing the codes right because it completely locked me out of the site unless I used wordpress to get in.
    Wordpress sadly is not always that forgiving with logins, that is it doesn’t always allow login, technically it is supposed to link with apple and google but it doesn’t complete and well thank god it had an email link is all I can say.
    After fiddling round a lot I made the decision to kill all the users I could and kill the security systems that were in place.
    Originally I had looked at nocaptcha recaptcha and found it interesting.
    My issue with invisible or challenge v2 recaptcha is that it’s too intrusive on users, certainly to login and need it just wouldn’t work but it was fast looking like that would happen at least for registration.
    Simple captcha recaptcha does what it does and just runs.
    I don’t know how to program things as such so I need a load and forget approach with a configuration inbuilt rather than a code things to make it work.
    It was easy enough to put things in.
    v3 captcha is score based.
    There is an explanation on recaptcha, basically it uses the cloud to handle all the requests and it’s a free thing.
    I am not sure how it determines if you are bad or not but if this is anything like google’s spam mail I know google gets it right 99.9% of the time with what is or isn’t spam and rarely do I need to clear my spam or in fact allow a message through though it does happen and I do check daily.
    If you do see you have a problem with this system and you are not spam email the admins and we will just add you manually.
    This plugin doesn’t seem to have any slowdowns so who knows.
    I like the fact it will just work with standard forms too.
    To be honest I am happy this is happening during winter.
    Since lockdown ended I have been changing my life to suit various things.
    My aunt has no job and so supporting her is still one of my priorities.
    Every Friday I go out with family, dad and mum mainly and there are a few other things too.
    So while I do use the computer a reasonable amount especially when the weather is good, my time has been reduced.
    I’ve been working off and on in the mornings of the last 2 days and yeah looks like it works now and works like it should you don’t even know the site is secured.
    I mean I do because I put it there and everyone else that reads it knows because I am posting about it but the spammers won’t unless they look there is probably a way for them to know.
    I am unsure how the scoring system works but as long as it keeps things out well.
    My plan if this does not work as expected will be to switch back to the v2 ultra invasive captcha, and leave it off on the login form but I don’t think it will go this way.
    I have checked the users database and well nothing is being added to it.
    Now saying that, for any users affected in the purge, just register most likely unless you are just unlucky you will just get in and it will just work.
    Thanks Jared for putting up with me and not going off at me when I started smashing the database with a wrecking ball.

