Barbarians at The Gates, Yet Again

hJ5Oi3h

Sorry to keep bothering everyone with posts about our efforts to deal with hackers and spam. I assure you that we are not any happier about this constant distraction from more interesting things…like offshore voyaging…than you are.

Anyway, once again AAC is under attack: Spammers trying to access the comments, hackers trying to break in to put nasty stuff on our site, brute force attacks, you name it. So far we have warded all of this off, but it is a constant worry.

The Risk

We don’t have any of your financial information on the site–all of that is handled by Paypal–so that’s not a potential problem. But your email addresses are in our membership and comment database, and we take our responsibility to guard those very seriously. In addition, it is possible for a hacker, if they were to break in, to place malware on our site that could cause you problems.

Upping the Defences

We have long had our site monitored every four hours by the good folks at Sucuri so we could take it down if anyone did breach our security, but now, due to the level of attacks we are getting, it’s time to take our defences up a notch. To that end, we have just enabled Sucuri Firewall, which will make AAC as safe as any site on the internet, and a great deal safer than most.

Potential Problems

However, there’s a down side. There is just a possibility that the new firewall could break something on our site. So if anything at all does not work, please tell us.

There is also the risk that Sucuri could misidentify you, a legitimate user, as a hacker and lock you out of this site. (The screen would look like the graphic at the beginning of the post.) And this gives us a real problem, since it would also lock you out of our member system, comments, and contact form.

Could Make You Crazy

Big time Catch-22: you are locked out and you can’t tell us about it. This could make any person, no matter how calm and cool, really crazy. And we need to know immediately, so we can fix it.

Contacting Us

The good news is that most of you have access to our direct email. No I can’t publish it here, or we will be inundated with spam, but I can tell you what to do if you do get locked out:

  • If you are a member, we are about to send you an email about this, so just reply to that.
  • If you are not a member, but a subscriber, just reply to any email informing you of a new post.
  • If you follow AAC on Facebook, just use Facebook mail.
  • If none of that works our direct email address is info at our boat name (all one word) dot com.

However you contact us, we will get right on it.

If you are planning to contact us on another matter, please use our normal contact screen.

The Bright Side

Two pieces of good news in all of this:

  • If the firewall works as advertised, we will be able to get rid of that annoying arithmetic problem you currently have to solve before commenting.
  • The site should get faster because we won’t be using server resources fighting off hackers and spammers, as we are now.

Thank You

Thanks to all for your patience.

And a special huge thank you to our members who pay us so we can pay Sucuri to keep everyone that visits this site safe.

 

{ 14 comments… add one }

  • Dick Stevenson June 27, 2014, 3:44 pm

    John and your colleagues,
    I am so sorry that must endure spam and hackers and all that. So many things nowadays seem to carry with them baggage that is totally unnecessary and a real detriment to the world feeling like it is a workable place.
    Dick Stevenson, s/v Alchemy

    Reply
    • John June 28, 2014, 10:22 am

      Hi Dick,

      Thanks for the thoughts. Yes, it really does seem that way, to the point that a couple of times I have been close to throwing up my hands and giving up due to all the attacks.

      However, I’m really feeling good about this change. The key being that we have some of the best anti-hacker people in the business watching our backs so we can do other things, like going sailing!

      Reply
  • David Wright June 28, 2014, 12:38 am

    Hello John,
    I am a new member, and this latest round of e-attacks has prompted me to get off of my duff to support your site, which is by far the best sailing site around, especially where high latitude sailing is involved. Thank you and your associates for encourage such a great dialogue.

    Reply
    • John June 28, 2014, 10:20 am

      Hi David,

      Thanks very much for joining and the kind words. As I say in the post, it is you and your fellow members that keep the site alive and growing. Although we get some revenue from advertising, it is not enough to keep the lights on.

      Reply
  • Denis Bone June 28, 2014, 9:19 am

    John, or anybody,
    I have been baffled for some time and this seems an ideal opportunity to ask: What do the hackers gain from what appears to me to be a purely destructive activity. Everything, every new development, that is really potentially good seems to be attacked and degraded by people whose only motive appears to be mischief and inconvenience to others.
    Denis

    Reply
    • John June 28, 2014, 10:17 am

      Hi Dennis,

      Good question. Some of it is “just for badness” as they say in Newfoundland. Some of it is to insert links that will bring people to their own sites, and the really bad stuff is to insert malware (small programs that will try to invade your computer and do bad things).

      Anyway, the guys at Sucuri are some of the best in the business at thwarting these people, so I think we are pretty safe now.

      Reply
    • Matt June 28, 2014, 4:24 pm

      The “let’s see what we can break today” mentality is something that most of us, particularly those with jobs, relationships and responsibilities, simply don’t understand. But it is real. Some people just want to watch things burn, and it only takes a handful of them running LOIC on their parents’ cable connections to wreak havoc on whatever site 4chan decided, out of sheer boredom, to destroy this morning.

      Highly recommended reading if you want to understand what it’s like to be one of the programmers / admins who are constantly defending the internet from this stuff: http://stilldrinking.org/programming-sucks

      Reply
  • Heather Holm June 28, 2014, 10:29 am

    I’m sure you have taken the basic steps for securing your site and making sure it’s not among the low-hanging fruit that the attackers are looking for. I use Wordfence on my WP sites, and know how it feels to watch the coordinated, automated, distributed attacks that are constantly going on. To keep my sanity, I have to trust that best practices and the vigilance of whatever security services you use will keep you safe. It isn’t quite like short-handed passage-making; you don’t have to stand watch 24/7.

    It is indeed odd to make one’s living building or relying on something as ephemeral as cyberspace, this incredibly useful and powerful, constantly changing and vulnerable alternate reality that we are collectively creating.

    BTW the best email encoder I know of is the Hivelogic one at hivelogic.com/enkoder. There is a WP plugin version called phpenkoder (doesn’t work in widgits, so I use the website for addresses there).

    Reply
    • John June 28, 2014, 10:42 am

      Hi Heather,

      Thanks for the tip on email encoders, that’s next on my never ending list to look at.

      Yes, we adhere to all the basic security best practices. The problem is that none of that deals with the problem of server load as a result of attacks.

      About a year ago we crossed some kind of traffic threshold where suddenly hackers apparently decided we were big enough to be worth their time to attack us. And at that point attacks skyrocketed to a couple of thousand a day and climbing, and worse on bad days. The big benefit of Sucuri firewall is that it runs on their servers, not ours, so they absorb all the load of dealing with hacking and our server is free to serve our content to our readers.

      Reply
      • Marc Dacey July 20, 2014, 3:25 pm

        John, thanks for this attention to your unfortunately imposed housekeeping. I have my own domain name for mail purposes (I have no webpage per se until we go offshore), and I’ve found that the better sort of domain name firm will have a range of filters and user-tools to control spam and to “whitelist” legitimate contacts. Of course, it may be a tribute to your hard work that you are now “a fish big enough to catch”…cold comfort, perhaps, but then you have a brighter audience, I think, than the average cat-based Facebook page…

        Reply
  • Wil June 29, 2014, 4:22 am

    Hang in there John, we’re rootin’ for you…..
    Sounds like you made it over the hump on this one.

    Reply
  • Richard William Lord June 29, 2014, 9:08 pm

    Even if I’m “Blocked Out / Locked Out” concerning being able to post a comment—– as long as I’m able to log on and read your experiences, explorations, recommendations and read your stories and view your photos of “where you are, where you’ve been, where your heading and all the trials and tribulations along the way”—- that’s all I need to keep me dreaming..

    Great site.. Really hope your able secure and defend your “Kingdom”.. For me, it’s a great place where dreams really do come true..

    Richard William Lord..

    Reply
  • Simon Wirth June 30, 2014, 9:12 am

    Hei John
    Thanks for all the work you’re putting in the site, it is allways a bright spot in my day if you post something new. And don’t bother about this information posts, with your gift for words, I’ll allways enjoy reading them.
    Simon

    Reply
    • John June 30, 2014, 5:50 pm

      Hi Simon,

      What a very kind thing to say, thank you.

      Reply

Leave a Comment

Please read our Comment Guidelines before you comment.
If your comment does not display immediately, please contact us
.
Your e-mail address will not be displayed and we will not send you junk mail.


Get your own avatar like ours.
Avatars

Previous Post (by date):

Next Post (by date):