Giantpaper.org

Category: Information Station

It may not be in huge numbers. But by golly, if you need information, you’re gonna get information. 😀

(YMMV on whether or not you found it informative…)

  • Bot Fight Mode!

    Hey guys, remember this status where I mentioned GPORG’s 404 logs containing more traces of bots trying to find exploits than actual 404s?

    A few days ago, I found about 20+ 404s of very suspect URLs, from the same user agent, all within the span of a minute. And while this wasn’t the first time I found this many 404s from a single bot, it did make me think, hmmmmm, maybe I should think about doing something about these exploit-finding bots?

    Disclaimer: I don’t work for Cloudflare and am not an affiliate. I’m just a happy user of their free plan.

    Then I remembered seeing something about a Bot Fight Mode in their settings somewhere.

    Firewall > Bots > check the box for Bot Fight Mode

    (There is a SUPER BOT FIGHT MODE, which I guess gives you control of how it fights bots? But I don’t know anything about it, since I’m only a free user and it’s not available to me.)

    So now my 404 logs are more like this:

    Notice that 8 hour gap in between the first two 404s??? 😱

    And in Cloudflare, Firewall > Overview:

    (There were 8 pages of this, btw. Most of them from the same bot.)

    So yeah, it’s working awesomely. 👍

    (And here, this is where I would mention alternatives for people who don’t use Cloudflare just to prove that I’m not trying to push people to sign up, but sadly, I don’t know of any. Sucuri, I guess?)

    Re: Country Blocking

    Also, on another note, notice that the country says United States? This is why I don’t believe in country blocking. Not only can the bad guys mask their location, folks from the “weird” countries (like Russia, China, India, etc) might be some normal people who just want to check out your site. And also, exploit finders can also legit be from the US (or Canada, or the UK, or Australia).

    Re: IP Address Blocking

    Folks might be wondering, why not just block the IP address? IP addresses aren’t really that permanent:

    • They can change just by someone resetting the router.
    • Those of us privacy-minded folks who use VPNs, our IP addresses change whenever we connect to a server.
    • People who make it their life’s work to find exploits on people’s sites wouldn’t use a fixed IP address. So if I were to block the one in the screenshot, it would work great for about a day (whenever bots switch IPs), then when the bot moves onto a new address, the old one (52.142.62.44) could end up with some poor shmoe, who is now blocked from my site even though they didn’t do anything wrong.
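
    The pattern from the start of this post (20+ 404s from one user agent within a minute) can be pulled out of an access log without keying on IP addresses. This is an added example, not code from the original post; it assumes a combined-format access log, and the scanner name, paths and addresses in the sample are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: Apache/nginx "combined" access log lines in chronological order.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_404_bursts(lines, threshold=20, window=timedelta(seconds=60)):
    """Map each user agent that hit `threshold` 404s inside `window` to the
    peak count, the client IPs it used, and the paths it asked for."""
    recent = defaultdict(deque)  # user agent -> (time, ip, path) still in window
    bursts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ua"]]
        q.append((ts, m["ip"], m["path"]))
        while ts - q[0][0] > window:  # drop misses older than the window
            q.popleft()
        if len(q) >= threshold:
            hit = bursts.setdefault(m["ua"], {"peak": 0, "ips": set(), "paths": set()})
            hit["peak"] = max(hit["peak"], len(q))
            hit["ips"].update(ip for _, ip, _ in q)
            hit["paths"].update(path for _, _, path in q)
    return bursts

def sample_log():
    """Constructed data: one scanner that changes IP mid-run, one ordinary visitor."""
    fmt = '{ip} - - [01/Jan/2024:{t} +0000] "GET {path} HTTP/1.1" 404 153 "-" "{ua}"'
    lines = [fmt.format(ip="192.0.2.10" if i < 11 else "198.51.100.7",
                        t=f"03:14:{2 * i:02d}", path=f"/probe-{i:02d}.php",
                        ua="ExampleScanner/1.0")
             for i in range(22)]  # 22 misses in 42 seconds
    lines += [fmt.format(ip="203.0.113.5", t=f"{h:02d}:00:00", path="/old-post",
                         ua="Mozilla/5.0 (constructed visitor)")
              for h in (9, 17)]   # two honest 404s, 8 hours apart
    return lines

if __name__ == "__main__":
    for ua, hit in find_404_bursts(sample_log()).items():
        print(f"{ua}: {hit['peak']} 404s in 60s from {sorted(hit['ips'])}")
```

    Grouping by user agent keeps the burst in one bucket even after the client address changes, and the visitor with two 404s eight hours apart never reaches the threshold.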

    For me, the answer to great WordPress security is:

    • using strong passwords (randomly generated 20+ character string of upper and lowercase letters, numbers and special characters) stored in a trusted password manager
    • 2FA if able
    • using reputable plugins and themes
    • removing unused plugins and themes
    • getting a good security plugin (I like WordFence, but I hear a lot of good things about Sucuri)

    ^Not a complete list, btw.

    – THE END –

  • GPORG Stands With Hong Kong

    Instead of copying and pasting everything from reddit, I’ll just link to the actual thread, a list of resources:

    HISTORY MEMES STANDS WITH HONG KONG

    I discovered this about a year too late, and most of the US activism bits already passed. It looks like these are still relevant:

    My Thoughts

    • Really disappointed to see Apple on the list. (This and the CSAM controversy had me disable iCloud Photos and transfer photos to my laptop via cable.)
    • Already knew about Blizzard & Activision-Blizzard being on the list. I haven’t bought anything from them since Diablo 3, partly because of Hong Kong and also because of the sexual harassment allegations.
  • GPORG’s Lighthouse Scores

    I don’t really use Chrome, unless it’s for work purposes. So that’s probably why I didn’t know you could use Lighthouse in the webdev tools window. 😱

    Soo yeah, this was the best I could do for GPORG (on the homepage). Apparently it is possible to get 100s on all four, but almost impossible unless you have an extremely barebones, one-page site. Some of the stuff Lighthouse wants you to do to score a 100 under Performance and Best Practices is kind of ridiculous:

    • Remove unused CSS & JS — I mean…once I figured out tree-shaking, the Performance score went from 80s to 90s. The only reason why it’s not a 100 is because the “unused” CSS & JS is being used on other pages (like the CSS for the Gutenberg blocks), and I still need that for things to display correctly. But Lighthouse doesn’t know that, so I still got dinged. If the CSS & JS files were much bigger due to code being used on other pages, I would’ve gotten a lower score.
      • Also depending on how many plugins you have that bring their own (required) code to the party, you might see a lower score.
      • And also? Adding things like tracking scripts can generate a lower score.
    • Reduce server load — not getting this one anymore, but when I was still getting it, it was like…“how???” I had a pretty darn good caching plugin, combined with Cloudflare with memcached enabled, soo….🤷‍♀️
    • Registers an unload listener — this is caused by the WPBruiser plugin, injecting some embedded JS directly onto the page. There’s no way for me to remove that, and even if I could, I have no way of knowing if it would break the plugin.

    Moral of the story — use Lighthouse as a guide but don’t lose sleep over it. (The only scores I really care about are accessibility and SEO, both of which I got 100s on.)

    – THE END –

  • Disable Autostart for Discord || Windows 10

    TL;DR version:

    1. In Discord’s user settings, go to Windows Settings and enable (yes enable, read on) Open Discord.

    2. In Task Manager, go to the Startup tab (click More Details at the bottom left of the window if you don’t see it).

    3. Look for something called Update.

    4. You should probably verify that this is in the Discord folder by checking the file location through the Properties window.

    5. If it is, disable it and close Task Manager.

    The Open Discord option needs to be checked in user settings, otherwise you won’t be able to find anything for Discord in Task Manager’s Startup tab.


    Long looooooong version….

    One problem I kept running into when installing Discord on Windows 10 was that it would autostart, no matter what I had in my settings. (And I don’t exactly have a fast computer, so waiting 3+ minutes for it to “check for updates” wasn’t ideal.)

    Whenever I looked this problem up online, every single tutorial said to go to User Settings > Windows Settings and uncheck Open Discord. And sometimes you might have to open Task Manager, go to More Details so the Startup tab shows up, and disable Discord through there.

    So, I went into my user settings in Discord, and noticed Open Discord was unchecked.

    Definitely unchecked

    Then I went to Task Manager > Startup tab to see if I could disable it from there. But…

    No Discord here

    There was nothing here for Discord. 😶 And the next 100 or so tutorials I found online repeated the same exact steps I read previously (disable through Discord’s user settings and/or disable in Task Manager).

    After some searching online, I found this post on reddit (Discord boots up at start even though I have that setting disabled..), and while the first post did make sense, it still didn’t help sadly.

    Somewhere around here, I crankily noticed this thing called Update and that the publisher was Github? I opened up the properties window to see what folder it resided in…

    YUP. So Update needs to be disabled in Task Manager.

    Only problem is it checks for updates whenever you first start your computer, and I don’t know if this happens for me (because of slow Internet), but it takes about 3+ minutes to check for updates. No idea if it’s possible to just disable it or make it shorter. 🤨