Bad Neighborhood Blog

PuzzCAPTCHA v1.1 Released

Michael VanDeMar — Mon, 21 Jul 2008 20:34:09 +0000

I tracked down and fixed a logic error that was in the prior version. The plugin now works as intended and is tested up to WordPress 2.5.1. I hope to be looking into testing and making any necessary adjustments for 2.6 shortly.

Please download the latest version here:

http://www.bad-neighborhood.com/puzzcaptcha.htm

Login LockDown Now Compatible With WordPress 2.5.1

Michael VanDeMar — Mon, 16 Jun 2008 00:35:07 +0000

Sorry for the delay on updating, but Login LockDown 1.2 has now been released. I fixed the issue that was causing it to not function correctly with WP 2.5 and up.

Version 1.2 is not backwards compatible, so anyone needing the plugin for WordPress 2.3.3 or earlier will have to use version 1.1. I provided links to both versions on the download page, however, as I mentioned there, if you are not running WordPress 2.5.1 or higher then you are open to having your WordPress hacked. I strongly suggest that anyone who still has not upgraded to do so.

Quick Note On Project Honeypot, and Database Restructuring

Michael VanDeMar — Fri, 22 Feb 2008 05:07:40 +0000

Just to let you guys know, it looks like the IP address that Bad Neighborhood runs on has been added to Project Honeypot (IP data can be viewed here). I had thought that you actually had to spam someone after hitting a honeypot in order to get added to the blacklist, but a friend of mine is running http:BL on her site, and the crawler is blocked from seeing her content.

I am looking into getting off the blacklist, but until I do some of you may notice certain website returning erroneous 404’s, just so you know.

Also, today I spent a good part of the day modifying the structure of the tables that hold the data for the Google Multi-DC Rank Checker and Yahoo Multi-Keyword Rank Checker.

Hopefully those of you who enjoy the use of those tools will notice better performance on them now. Also, I apologize for any slowdowns the data migration may have caused today.

Thanks.

New Advertising Opportunities On Bad Neighborhood

Michael VanDeMar — Mon, 29 Oct 2007 06:00:48 +0000

I just added new advertising opportunities on the Bad Neighborhood website. Click here for more information: http://www.bad-neighborhood.com/sponsor-us.htm

Keyword Suggestion Tool Based On AOL Leaked Data Is Back

Michael VanDeMar — Tue, 04 Sep 2007 20:49:22 +0000

The Keyword Suggestion Tool based on AOL Leaked Data is back online.

Site Back For The Most Part

Michael VanDeMar — Tue, 04 Sep 2007 08:13:26 +0000

Despite the loss of all historical data, the site is back and fully functional, aside from one tool. The Keyword Suggestion Tool based on AOL Leaked Data is currently offline. I will have to re-crunch the data from the original files, and am not sure yet how long that will take. I apologize for the downtime.

Thanks.

Current Outage

Michael VanDeMar — Mon, 03 Sep 2007 03:26:07 +0000

The server where I have Bad Neighborhood has been down now for 24 hours. I have the site mostly moved over to the new server now, but am missing certain databases. I am trying to get the backups now. I will post as soon as I am up and running again.

Login LockDown 1.1 Released

Michael VanDeMar — Sat, 01 Sep 2007 21:19:54 +0000

A minor compatibility issue with a MySQL statement in the Login LockDown Security Plugin has been fixed. The old version, 1.0, was using a MySQL function that did not become available until MySQL 4.1.1, whereas WordPress only requires MySQL 4.0. Only those who were getting a MySQL error after activating the plugin would need to upgrade to Login LockDown 1.1.

Login LockDown – A New WordPress Security Plugin

Michael VanDeMar — Wed, 29 Aug 2007 14:51:41 +0000

I am happy to announce the release of Login LockDown, a new plugin for WordPress, designed to help increase security and reduce the chance of someone hacking into your WordPress installation.

With the way WordPress is currently set up, attackers are free to use bots for a brute force style of attack that simply guesses at the admin password until they come up with the correct one. There are a couple of solutions out there, each with their own drawbacks. One solution suggested is to restrict which IP’s that can access the wp-admin folder via .htaccess. The two problems with that is that it inhibits regular users from seeing their user preference page once they log in (which is the default page a user sees), and not every blogger is going to be logging in to their blog from the same IP all of the time.

Another solution involves a plugin that sets up a secondary password using Basic HTTP Authentication. While this will thwart many of the generic bots out there, if a blog is specifically targeted it is easy enough for a hacker to code a bot that will send repeated attempts against that login method as well, and again it does interfere with non-admin users when they attempt to log in (which is really a pain if the admin requires registration in order to comment).

Login LockDown takes a different approach. Every failed login attempt is recorded, along with the timestamp of the attempt and the IP address of the user. If a user tries (and fails) to log in too many times within a certain time period, the system then blocks any login requests coming from that IP range until the lock-out is released. The lock-out period defaults to 1 hour, although that can be changed within the admin panel. The number of retires and the time period that they occur within in order to trigger a lock-out are also configurable from the admin section, and admins do have the ability to release an IP block manually (assuming of course that they haven’t locked themselves out ).

The download link for the plugin, as well as the instructions, are located on the Bad Neighborhood website, here: Login LockDown v1.0

Issue With Bad Neighborhood Scanner Resolved

Michael VanDeMar — Mon, 27 Aug 2007 01:59:18 +0000

There was an issue with attempting to scan certain urls causing the scanner to fail. I thought I had fixed it, but found out it was still happening with requests to scan SSL (HTTPS) sites. I modified the way the urls are passed through the AJAX calls and everything appears to be working again. Please let me know if anyone encounters any more issues.