Several Days and Running

Having read the following words

“Your site had no issues in the past 24 hours”

sent from Grammar Captive’s host server, Lunarpages, for several days in a row strongly suggests that the measures recently undertaken to defend Grammar Captive against renewed cyber attack are working.

In the meantime, progress is being made with the integration of Matomo into the Grammar Captive website.

The first page to be tracked will be Grammar Captive’s landing page — namely, www.grammarcaptive.com/index.html.  The tracking will combine two fundamental tracking concepts:  content tracking and event tracking.

The idea is to discover whether first comers choose the freeman or the captive, and whether those who choose the captive ever return to choose the freeman once they have viewed the captive video.

Roddy

Matomo Moves Forward

The dysfunctional checkbox that allows users to choose whether to receive or not receive a Matomo tracking cookie has been largely resolved.  The internal server error is gone, and one no longer has to manually refresh the page and find one’s way back to the checkbox to see the change.

Although I will continue to work with Matomo in resolving the intermittent blank screen that still appears, users can now take comfort in seeing their desired change take effect immediately.

I will now begin configuring Matomo to do what I have been hoping all along:  provide Google Analytics without Google. The dysfunctional checkbox was an important barrier that needed to be overcome before employing Matomo — user privacy is paramount at Grammar Captive!

Hooray! Hooray! Further development now appears possible.  Look forward to a productive week ahead.

Roddy

Normal User Usage Restored

Having blocked a total of nine IP addresses and implemented the already mentioned defensive measures, user usage has returned to normal.  The crisis appears to be over.

Now aware of the potential for further crisis, a daily usage check will be made and corrective action taken when necessary.  It is a small price to pay for security — this despite the enormous amount of time recently spent to understand and correct the problem.

Unfortunately, the malfunctioning opt-in/opt-out checkbox for tracking cookies has still not been resolved, but a solution may be forthcoming — a re-installation and relocation of the Matomo software.  Unfortunately, this, too, will be very costly in terms of time, and I am reluctant to proceed until I am sure that it is the cause.

Roddy

WordPress Defense – 4th Measure

Added password protection to the Grammar Captive WordPress login page.  Now when a bot tries to discover the Grammar Captive administrator’s identity and password through numerous repeated  attempts of corrective trial-and-error that exhaust Grammar Captive’s limited CPU and memory resources, it will be denied access.

This password protection is offered by Grammar Captive’s host server Lunarpages and can be implemented using cPanel.

Roddy

WordPress Defense – 3rd Measure

Have installed WP Cerber to shore up additional WordPress vulnerabilities including unlimited login attempts and the abuse of user-password dependent files such as those containing XML-RPC.

As this plug-in includes a variety of options that can be turned on or off at will, it will likely be less resource intensive and thus avoid the kind of internal server errors that have recently been experienced with the introduction of Matomo’s opt-in/opt-out checkbox feature.

Roddy

 

WordPress Defense – 2nd Measure

Just as there are well-behaved and poorly behaved humans, so too are there well-behaved robots (Good Bots) and poorly behaved robots (Bad Bots).  Jeff Starr’s Blackhole for Bad Bots is just the fix for robots that do not honor the wishes of site owners.

In effect, this plug-in allows access to bad bots only once before banishing them forever thereafter.  Good bots that honor a site owner’s wishes are permitted repeated access.  Robots that raise awareness about an owner’s website are good for both potential users looking for certain kinds of information offered by website owners and the sites’ respective owners.  The Yahoo, Bing, and Google search engines all depend on good bots to collect information for their users.  Bad bots go about the internet looking for personal information such as email addresses and telephone numbers that are then used to their owners’ disfavor.

You see, no bot (good or bad) is compelled to honor a site owner’s wishes.  Simply those that do not are more likely to be bad bots than good and are consequently banished.  So, if you are a bot owner that is seeking information on the Grammar Captive WordPress site, make sure you honor the robots.txt file that its owner has recently installed, else expect to be permanently banished.

Roddy
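The trap idea described in this post, sketched as an added example; it is not the plug-in's code or anything from this site. The `/blackhole/` path, the `TrapGate` class, the bot names and the choice to ban by IP address are assumptions made for illustration.

```python
from urllib.robotparser import RobotFileParser

# Hypothetical robots.txt: every robot is asked to stay out of the trap path.
ROBOTS_TXT = """\
User-agent: *
Disallow: /blackhole/
"""


class TrapGate:
    """Ban any client that requests a path robots.txt disallows."""

    def __init__(self, robots_txt):
        self.rules = RobotFileParser()
        self.rules.parse(robots_txt.splitlines())
        self.banned = set()          # assumption: clients are keyed by IP

    def handle(self, ip, user_agent, path):
        """Return the HTTP status this request would receive."""
        if ip in self.banned:
            return 403               # every visit after the trap is refused
        if not self.rules.can_fetch(user_agent, path):
            self.banned.add(ip)      # the trap visit itself is still served
        return 200


def crawl(gate, ip, user_agent, paths, obey_robots):
    """Replay a crawler's requests; a compliant one skips disallowed paths."""
    statuses = []
    for path in paths:
        if obey_robots and not gate.rules.can_fetch(user_agent, path):
            continue                 # a good bot never touches the trap
        statuses.append(gate.handle(ip, user_agent, path))
    return statuses


if __name__ == "__main__":
    gate = TrapGate(ROBOTS_TXT)
    paths = ["/", "/blackhole/", "/blog/", "/"]   # constructed request order
    print("good bot:", crawl(gate, "198.51.100.5", "GoodBot", paths, True))
    print("bad bot: ", crawl(gate, "203.0.113.9", "BadBot", paths, False))
```
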

WordPress Defense – 1st Measure

As an important block of single-source, redundant activity on the Grammar Captive website is generated on the site’s WordPress blog page, and as good success has been achieved with the proper WordPress plug-in in the past,  I have installed Jeff Starr’s Block Bad Queries (BBQ) plug-in.

As always with new software — especially of the plug-and-play variety –, I will monitor BBQ’s performance before adding Jeff Starr’s name to the Grammar Captive list of credits.

Just because it is free does not mean that it should not be made subject to good quality control.  After all, reputation means a lot on the internet, and through good reputation commercial exchange becomes possible.

Roddy

Cyber Attack

Although unfortunate on the one hand, it is perhaps a good omen on the other.  Grammar Captive is under cyber siege.  Certainly, it is not clearly understood whether the attack is against WordPress, and Grammar Captive is merely a source of collateral damage; or whether Grammar Captive is, indeed, the direct target. If it is the latter, then it is perhaps a compliment to Grammar Captive’s challenge to the world’s English language industry.

In any case, after the recent installation of the Matomo software, it was noticed that the subsequent placement of the opt-in/opt-out button for cookie-tracking on the Legal/Privacy panel of the Grammar Captive mainpage has led to strange behavior.  Proof of the button’s effectiveness only occurs after the appearance of an internal server error and page refresh.  Observance of this yet to be corrected, unwanted phenomenon led to an investigation that accidentally uncovered a likely attempt to crack the Grammar Captive WordPress password.

The evidence for this unfortunate attack was the many hundreds of hits within the space of a several-minute interval on the Grammar Captive WordPress log-in page.  The source of the attack was traced to mainland China and the following domain was blocked:  60.223.252.6.

According to the Who Is? page of the APNIC list of registered domains the source of the attack came from the Shangxi Province.  China Unicom is the owner of the address and has been notified of the abuse.

The entire weekend was spent addressing this twin-problem, and several more days will likely be required in an attempt to resolve the time and space issues resulting from the large amount of CPU time and memory that the Matomo software apparently requires and that appear to be the source of the button dysfunction.

Roddy
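The evidence described in this post, many hits on the log-in page from one address within a few minutes, can be looked for in a routine log check. The following is an added example, not code from this site or its host: it assumes an Apache-style "combined" access log in time order, and the threshold, window, endpoint list and sample addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/NGINX "combined" format: client, timestamp, method, path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # assumed WordPress endpoints


def parse(line):
    """Return (ip, datetime, method, path) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]


def find_login_bursts(lines, threshold=20, window=timedelta(minutes=5)):
    """Map each IP to its peak number of login POSTs inside any `window`,
    keeping only IPs whose peak reaches `threshold` (lines in time order)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or not path.endswith(LOGIN_PATHS):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:          # drop hits older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def sample_log():
    """Constructed log: 30 login POSTs in 3 minutes, plus an ordinary user."""
    t0 = datetime(2024, 3, 10, 8, 0, 0)
    fmt = '{ip} - - [{ts} +0000] "POST /wp-login.php HTTP/1.1" 200 1542 "-" "-"'
    rows = [(t0 + timedelta(seconds=6 * i), "203.0.113.7") for i in range(30)]
    rows += [(t0 + timedelta(seconds=40), "198.51.100.20"),
             (t0 + timedelta(hours=2), "198.51.100.20")]
    return [fmt.format(ip=ip, ts=ts.strftime("%d/%b/%Y:%H:%M:%S"))
            for ts, ip in sorted(rows)]
```

Calling `find_login_bursts(sample_log())` returns the one noisy address with its peak count; an address that appears here is a candidate for review before blocking, since a shared proxy can also produce bursts.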

Privacy, Matomo, and Iubenda

Privacy is something that everyone can appreciate and unfortunately far too many violate.  We are especially vulnerable in this latter regard when we are exploring on the internet.  For it is there where so much information about our behavior, electronic equipment, whereabouts, interests,  inclinations, and time spent is collected without our knowledge.  From this data entire stories can be created about our person that may or may not be true depending on who is collecting the data and creating the story.

In contrast, without data collection it is difficult for service providers to tailor their services to their customers’ wants and needs.  Accordingly, please do not be surprised that a service provider would collect data about its users that they do not intentionally give.  Indeed, the very nature of human communication demands that more information is exchanged than is ever intentionally given.

What is more, data collection is a two-way street!  How, for example, can a service provider know that his freely offered information, instruction, or advice is not being used for criminal purposes?  He cannot!   In this light, if a user cannot trust the service provider whose data he collects, then why in the world would he be collecting the provider’s data in the first place?

In the end, it is not so much what data is exchanged and collected, but how this data is used.

Grammar Captive makes the assumption that most users do not mind that data about their person or behavior on a given site is collected, so long as it is stored securely and not used to their disbenefit.  And, in good faith, Grammar Captive makes no attempt to disguise the nature of the data that it collects, how this data is used, and the purpose of its use — namely, to enhance the user’s experience and thus make Grammar Captive an attractive place for him to spend his time.

With the incorporation of Matomo into the Grammar Captive web application, important decisions had to be made about what data would be collected and what would not, and to this end Grammar Captive has updated its Iubenda legal advisory.  Please visit the Grammar Captive mainpage and look for the subheading Legal/Privacy under the heading Other in the navigation bar.

Roddy