
12 Comments

  1. Sal aguilar
    October 9, 2018 @ 9:10 pm

    Dude this is genius… hahaha #HackThePlanet

    Reply

  2. Owen
    October 9, 2018 @ 10:02 pm

    Love the idea of a massive download file. Good thinking. I think I’ll utilise that next time I have the same problem.

    Reply

  3. Roee yossef
    October 10, 2018 @ 12:30 am

    Thanks for sharing 🙂

    Reply

  4. Ridha
    October 10, 2018 @ 6:08 am

    Thanks for the story. Actually, I am doubtful with LastPass, but after your honest review, I believe it's safe.

    Reply

    • Anon
      October 10, 2018 @ 7:48 am

      Yeah, I didn’t mean for it to be a review of LastPass, but honestly LastPass is awesome. They encrypt your passwords, so even though your passwords are stored on their servers, they are stored encrypted, and only you can access them. But usefully, when the same password from a different site gets encrypted, they can tell the encrypted version has been used at other sites of yours and they can warn you.

      This is probably the number one security issue for most people – re-using the same password at multiple sites. So LastPass helps firstly by spotting these duplicate uses of the same password, but secondly by making it easy to just use a 20 to 30 character key-mash for a password. Most sites I don’t even know what my password is – when I’m creating a new password I just hit CTRL+R to bring up the RUN window, I mash the keyboard until I have a long enough password, I copy it, then paste it into the two password boxes. Then LastPass asks me if it should remember the password and I’m done.

      Reply

  5. wpeos
    October 10, 2018 @ 6:31 am

    Hi Dave, your protection method seems super cool. I want to do something like this for one of my sites. Can you share more technical information about the realization? I suspect that the download file comes from an external server, not from yours. What do you use to force download the File – PHP with header(“Location: url-to-file”), readfile ($file), or something else? Share if possible and more details about Cookie Verification.

    Reply

    • Anon
      October 10, 2018 @ 8:21 am

      It’s something similar to this:

      location /my-account/ {
          # $botrisk accumulates a code describing the request: "0" is the
          # baseline, "1" is appended when the botchecked URL parameter is
          # present, "2" when the _checkforbots cookie is absent.
          set $botrisk "0";
          if ($arg_botchecked) {
              set $botrisk "${botrisk}1";
          }
          # nginx sets $cookie_<name> to an empty string when the cookie is
          # missing ("-" only appears in the access log), so compare with "".
          if ($cookie__checkforbots = "") {
              set $botrisk "${botrisk}2";
          }
          if ($botrisk = "02") {
              # no cookie and no parameter: temporary redirect to the page which
              # sets the cookie, then sends the user back here with the URL
              # parameter set too
              rewrite ^ https://www.wpintense.com/bot-check/ redirect;
              break;
          }
          if ($botrisk = "012") {
              # parameter set but still no cookie: the client does not keep
              # cookies, so send it off to a very large file instead
              rewrite ^ https://s3-eu-west-1.amazonaws.com/planet/full-history/history-latest.osm.bz2 redirect;
              break;
          }
          try_files $uri $uri/ /index.php?$args;
      }

      Reply

  6. Ben
    October 10, 2018 @ 7:13 am

    Thanks for the idea. Would you like to show your config / script?

    Reply

    • Anon
      October 10, 2018 @ 8:22 am

      I’ve listed something close to my script in another reply. Basically, check if cookie set. If not, redirect to /bot-check/ where a cookie gets set, then user gets redirected back to /my-account/?botcheck=1. In nginx, if cookie not set AND botcheck = 1, then redirect them to a large file.

      Reply
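The cookie check described in the two replies above (the nginx rules and the /bot-check/ round trip), traced end to end as an added example. This is not code from the original post or from the site it discusses; the server function is a Python model of the quoted rules, and the client, the `_checkforbots` cookie value, and the constants `ORIGIN`, `BOT_CHECK`, `ACCOUNT` and `BIG_FILE` are assumptions made for the example. It follows the redirects once as a browser that keeps cookies and once as a scraper that discards them, so the two outcomes (served page versus the large decoy file) can be checked without touching nginx.

```python
"""Added example: a model of the nginx cookie check quoted in the comments
above, with both sides of the exchange so the redirect sequence can be
traced for a normal browser and for a cookieless scraper.  ORIGIN, the
client functions and the cookie value are assumptions for this example."""
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode

ORIGIN = "https://www.wpintense.com"           # assumed site
BOT_CHECK = ORIGIN + "/bot-check/"
ACCOUNT = ORIGIN + "/my-account/"
# decoy URL taken from the quoted config (a third-party file, so the site
# itself pays no bandwidth for it)
BIG_FILE = "https://s3-eu-west-1.amazonaws.com/planet/full-history/history-latest.osm.bz2"
COOKIE = "_checkforbots"
PARAM = "botchecked"


def server(url, cookies):
    """Return (status, headers, body) for one request, mirroring the nginx rules.

    `cookies` is the dict of cookies the client sent (empty if it keeps none)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if parts.path == "/bot-check/":
        # the check page: set the cookie and bounce back with the parameter
        back = urlunsplit(("https", parts.netloc, "/my-account/",
                           urlencode({PARAM: "1"}), ""))
        return 302, {"Location": back, "Set-Cookie": f"{COOKIE}=1; Path=/"}, ""
    if parts.path == "/my-account/":
        botrisk = "0"
        if query.get(PARAM):           # $arg_botchecked
            botrisk += "1"
        if COOKIE not in cookies:      # missing cookie -> empty $cookie_ variable
            botrisk += "2"
        if botrisk == "02":
            return 302, {"Location": BOT_CHECK}, ""
        if botrisk == "012":
            return 302, {"Location": BIG_FILE}, ""
        return 200, {}, "my-account page"
    return 404, {}, ""


def run_client(start, keeps_cookies, max_hops=5):
    """Follow redirects like a browser; return the list of URLs visited
    (the last entry is where the client ends up)."""
    jar = {}
    url = start
    trail = [url]
    for _ in range(max_hops):
        if not url.startswith(ORIGIN):
            break                       # left the site (e.g. sent to BIG_FILE)
        status, headers, _body = server(url, jar)
        if keeps_cookies and "Set-Cookie" in headers:
            name, _, rest = headers["Set-Cookie"].partition("=")
            jar[name] = rest.split(";")[0]
        if status != 302:
            break
        url = headers["Location"]
        trail.append(url)
    return trail


if __name__ == "__main__":
    for label, keeps in (("browser", True), ("cookieless scraper", False)):
        print(label, "->", " -> ".join(run_client(ACCOUNT, keeps)))
```

Running it shows the browser taking three hops (account page, bot-check page, account page again with `?botchecked=1`) and then being served, while the cookieless client takes the same path and is redirected to the decoy file on its third request. The `max_hops` cap matters in practice: a client that neither keeps cookies nor follows off-site redirects would otherwise bounce between the two pages, which is the loop kejdovski reports below when cookies are blocked.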

  7. kejdovski
    October 10, 2018 @ 5:02 pm

    Every time I go to the link you specified it came to this:

    http://prntscr.com/l4i7pi

    Each time I refresh it goes between these two links with the same error page.

    https://www.wpintense.com/my-account/
    https://www.wpintense.com/bot-check/

    The only plug-ins that I have in Chrome are uBlock Origin and DuckDuckGo Privacy Essentials.

    https://www.wpintense.com/ –> works ok.

    Is this what should have happened? No download was offered to me.

    Reply

    • Dave H.
      October 21, 2018 @ 2:01 pm

      Without cookies enabled you won’t be able to login. Probably your security essentials are stopping the download link opening too.

      Reply

  8. Keaton
    October 12, 2018 @ 12:56 am

    Great to hear you fixed the issue and stopped that hacker! Awesome work.

    Reply
