Backpackinglight.com 2020-2021 Website Development Timeline

” We now block 30% of attempted traffic to the BPL site. This traffic is the direct result of malicious bots and known hacking networks attempting to steal passwords and other user data, overwhelm server resources, and inject malware into the site.”

I knew the web was a rough place, but I did not know it was this bad!

Hang in there.
Cheers

We get brute force (e.g., bot login attempts) attacks – each one from a different IP – at least once per second. It’s nuts.

And they love to target users who have easy-to-guess passwords or ones that have already been compromised. Play your cards close when it comes to passwords.

The new search looks slick as hell. This whole writeup gives me a lot of confidence in the future of BPL. Thanks for keeping us updated!

Roger

“I knew the web was a rough place, but I did not know it was this bad!”

It’s mostly script-kiddies running fairly innocuous of-the-shelf hacks, plus generic Russian, North Korean and Chinese hack-bots looking for unpatched vulnerabilities.

Nowadays the developers, operating systems, languages, frameworks and hosting environments are far more security conscious – it’s actually easier to write a relatively secure site than it used to be, despite the volume of attacks.

Of course nothing on the open web is truly secure, but for a small operation like this you can pretty much ensure that the cost of a bespoke hack would be greater than the value of the data, so you don’t attract the attention of the real pros.

And we thought it was bad when we had the shoe-bots!

Cheers
PS: yes, I know who is doing the attacks. They annoy me.

I knew the web was a rough place, but I did not know it was this bad!

With my tiny blog I now have three services to protect my site. Two I pay for and cost me $400 per year. My site has had 3.5 million page views in 12 years, meaning it is a very small blog.  Keep in mind my site is free, so I had to finally include ads to pay for security, web hosting fees, etc.

From the beginning I turned off the viewer comments feature. For several years I would sometimes get hundreds of comments per day, but none could be published, but they took up resources and time to delete. I was finally able to block that.

A couple years ago or so, someone was able to add code to a widget, which showed the temperature in Palm Springs, on my site that would mine bitcoin using a visitor’s computer. That was a mess.

Brute Force attempts the past two years caught by just one of my security programs.

And so it goes. Another service blocks IP address that attempt to log in to the admin site. That goes in batches by country. Eastern Europe, China, Indonesia, etc. Each of my three security services catches things the other two don’t.

From all of this I can really appreciate the time, money, and effort Ryan has to constantly invest in BPL.

I do have a sort of bushwalking blog, an old one, but it is hard-coded in HTML and has no 3rd-party SW and no user comments. I made it strictly Read-Only.

Cheers

Roger – Sometimes, old-school is the best school :)

Glad to see BPL’s growth and looking forward to the enhancements. I don’t know if it’s related to those, but in the last few days I’m experiencing link misdirection and lack of permissions – I’ll click on a forum notification, only to be redirected to a different thread or to see a message that I don’t have permission to see those threads (I’m a longtime Lifetime/Unlimited member).

EMOJIS! WE WANT EMOJIS!

(Well maybe not “The Finger” emojis oe poop emojis or kiss emojis but just a nice selection of face emojis – in all skin colors.)

Wait – what? You can’t use emojis? 🤔 we should be able to fix that 🙏

You’re going to put an emoji button menu in the formatting bar?

^ I hope not…

But on the Mac, hold down the Control and Command keys and the spacebar all at one time. This brings up the emoji screen. Select the one you want and voila…🐾

I hope we don’t once again lose a bunch of members due to subscription snafus.  Should we expect all our saved links, subscriptions etc to be lost when the change is made. I lost so much it’s still annoying to think about.

Keep your user data, or get an emoji button? Can’t have it all (wink) 😉