blog

Why programmer should have a blog

Recently a few people were asking me why I have a blog. Some of them were not programmers. It reminded me about the draft of this post, which I have had for more than a year now. I planned to extend it, but I think keeping it short, and maybe editing it in the future, would be a better solution.

The reasons why I have a blog:


Brute Force Attack on my blog

Some time ago I created an Azure alert (thanks to Iris Classon). I did it as a part of my Azure exploration. The rule I created sends me an email every time I have more than 1000 requests per hour:

azure alert

I received one or two e-mails in the last two weeks and that was fine. High traffic can happen occasionally. Of course I created this rule based on the history of the number of requests from the past. However, last night I received 3 e-mails. I checked with Azure Management Portal and the number of requests had suddenly exploded:

azure alert requests

That was suspicious. To investigate, I turned on Web Server Logging, which logs all HTTP requests:

azure - logging

Then I found out this:

#Software: Microsoft Internet Information Services 8.0
#Fields: date time s-sitename cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2014-09-02 04:43:35 JJ09 POST /wp-login.php X-ARR-LOG-ID=f22e667c-3b13-4bdf-adf3-816cda8fa0db 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 787 624
2014-09-02 04:43:36 JJ09 POST /wp-login.php X-ARR-LOG-ID=782db699-4467-418c-8814-7a8cb5ee7175 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 790 656
2014-09-02 04:43:37 JJ09 POST /wp-login.php X-ARR-LOG-ID=79cb788b-d646-43d7-8012-c31d507557bf 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 788 1718
2014-09-02 04:43:38 JJ09 POST /wp-login.php X-ARR-LOG-ID=7cc0286e-6b81-4802-851b-d5aaea20daf3 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 790 703
2014-09-02 04:43:40 JJ09 POST /wp-login.php X-ARR-LOG-ID=29c99e85-4552-49c3-8527-290a3c68ac86 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 787 718
2014-09-02 04:43:41 JJ09 POST /wp-login.php X-ARR-LOG-ID=49e52af5-b40e-406b-b64b-c80bc8cc6501 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 787 718
2014-09-02 04:43:42 JJ09 POST /wp-login.php X-ARR-LOG-ID=d40f4c89-932f-4a81-bfc6-cd403ab8b71b 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 788 671
2014-09-02 04:43:43 JJ09 POST /wp-login.php X-ARR-LOG-ID=7ec01966-00de-47d1-ab35-5fae51898269 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4573 787 703

Raw POST requests to the wp-login.php page from the same IP address (195.211.154.159) every 1-2 seconds!

Looks like a brute force attack. I checked this IP on AbuseIPDB. It was reported once:

hacker ip

I also checked this IP with ipTRACKERonline:

hacker ip - tracking

Looks like “the hacker” is working from underground!

It is even more interesting how “the attack” stopped:

2014-09-02 04:49:04 JJ09 POST /wp-login.php X-ARR-LOG-ID=d56af862-6675-4d63-aa1e-c5858b222467 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4579 787 658
2014-09-02 04:49:05 JJ09 POST /wp-login.php X-ARR-LOG-ID=c63c5285-f667-4b49-a9ca-e6dc6c4a881d 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4579 790 718
2014-09-02 04:49:06 JJ09 POST /wp-login.php X-ARR-LOG-ID=820525bb-5972-48d7-b873-e5143f07de60 80 - 195.211.154.159 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+125LA;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022) - http://jj09.net/wp-login.php jj09.net 200 0 0 4579 789 1721
2014-09-02 04:49:21 JJ09 GET / X-ARR-LOG-ID=60ce7301-6f46-4397-a24d-9afda6fe2f62 80 - 137.117.234.219 - - - jedryszek.com 200 0 0 134454 753 1562
2014-09-02 04:50:56 JJ09 GET /sending-email-from-rails-application/&sa=U&ei=5EUFVLr8OYvIgwSntoGABQ&ved=0CNsCEBYwVg&usg=AFQjCNFrPOjfBT525UoKx41tEt5C4PeHYw/xmlrpc.php X-ARR-LOG-ID=2a586af6-67f9-41e3-90fe-3d21deeb545b 80 - 91.205.75.136 Mozilla/5.0+(Windows+NT+5.1;+rv:24.0)+Gecko/20100101+Firefox/24.0 - - jj09.net 404 0 0 93650 839 1407
2014-09-02 04:52:02 JJ09 GET /wp-admin X-ARR-LOG-ID=8feceffd-e44d-4002-b66b-53c9d5ec354e 80 - 24.22.164.96 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit... - jj09.net 301 0 0 570 1540 31

The first 3 requests are from “the hacker”. The next one is a request from Azure Scheduler (I was testing Azure Scheduler to ping my blog every 5 mins). Then somebody visited my post about Sending e-mail from Rails application. The last one is me logging on.

A standard hosting provider would probably require me to send an email asking for logs, and they probably would not have all of them… but on Azure I could just turn logging on and check whatever I wanted. This shows the real power of the Cloud!
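
The check done by eye on the log lines above can be scripted. The following is an added example, not code from the original post: it parses a log in the W3C format shown, using whatever columns the #Fields line declares, and flags client IPs that send a burst of POSTs to /wp-login.php. The sample log, its documentation-range addresses, the threshold of 10 requests per 60 seconds and the function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range IPs). Same W3C format as above but
# with a shorter #Fields list; the parser reads whatever #Fields declares.
SAMPLE_LOG = "\n".join(
    ["#Software: Microsoft Internet Information Services 8.0",
     "#Fields: date time cs-method cs-uri-stem c-ip sc-status"]
    + [f"2014-09-02 04:43:{s:02d} POST /wp-login.php 203.0.113.7 200" for s in range(30, 42)]
    + ["2014-09-02 04:43:50 GET / 198.51.100.20 200",
       "2014-09-02 04:44:10 POST /wp-login.php 198.51.100.20 302"]
)

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def login_bursts(text, path="/wp-login.php", threshold=10, window=timedelta(seconds=60)):
    """Return {ip: {"peak": n, "redirects": m}} for every IP whose POSTs to `path`
    reach `threshold` within any sliding `window`. Rows must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    stats = defaultdict(lambda: {"peak": 0, "redirects": 0})
    for row in parse_w3c(text):
        if row["cs-method"] != "POST" or row["cs-uri-stem"].lower() != path:
            continue
        ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        q = recent[row["c-ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        s = stats[row["c-ip"]]
        s["peak"] = max(s["peak"], len(q))
        # Assumption: stock WordPress re-renders the form (200) on a failed login
        # and redirects (302) on success, so a 302 from a flagged IP needs a look.
        s["redirects"] += row["sc-status"] == "302"
    return {ip: s for ip, s in stats.items() if s["peak"] >= threshold}

if __name__ == "__main__":
    for ip, s in login_bursts(SAMPLE_LOG).items():
        print(ip, s)
```

A flagged IP with a non-zero redirect count is the case to look at first, since every response in the log above was a 200.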

After this incident I installed the BruteProtect plug-in. It claims that since yesterday it has blocked 65 attacks on my blog:

BruteProtect

To be honest, I was shocked. I assumed that some attacks had happened in the past, but 65 in 1 day? No idea if it is true, but I will give it a try and see what happens in a week or a month.

Did you have attacks on your blogs/websites? What kind? How did you find out? What did you do to stop it and prevent it in the future?


How to add Google Analytics to WordPress blog in the right way

I just found out that Google Analytics was not counting my blog post pages. Only the index page and all other subpages, but not post pages. The very pages I link to, e.g. on Twitter, every time I blog!

For some time I had been wondering whether really only ~10 people are reading my blog. My last post, about Getting started with iOS, was visited by 12 people on the day it was published and 10 on the day after.

iOS post stats

Then, on Google Analytics, I went to behavior > ‘site content’ > ‘all pages’ to check how many people visited the blog post page. And…there are no post pages in the statistics at all!

iOS post stats: pages

I knew that was impossible, because at least I had visited the post page. Then I checked statistics on Azure:

iOS post stats: Azure

There are no unique views, but even page views on Google Analytics show fewer than 20 per day. I published the post around 11 am, and announced it on Twitter at 11:18 am. Then I got 7030 requests between 12 pm and 1 pm. It makes sense. Of course 1 Azure request < 1 unique page view. According to Azure Management portal I had 62226 requests in the last week. How many unique page views is that? I don’t know and I will never know. But I am sure it is more than 54!

Why didn’t Google Analytics track my posts? I put the Google Analytics script in the index.php file, in my WordPress theme directory. Apparently I forgot to check if it works for all pages.

Now I have installed the Insert Headers and Footers plugin to insert the script from Google, as recommended in How to Install Google Analytics in WordPress for Beginners. It seems to be working fine now. Here are the statistics from today:

iOS post stats: after Google Analytics script fix

There are also other plugins like Google Analytics for WordPress or Google Analyticator, but they insert the Google Analytics snippet based on communication with the Google API. It means that if Google changes their API for Google Analytics, the plugin may not work. I don’t want to depend on that and just want to paste the customized JS code I obtained from Google.

I also added the Azure analytics script. Now I will be able to cross-check the statistics.


First year of blogging – summary

1st year stats

Today is my small anniversary: on May 31, 2013 I wrote my first blog post. Since that day I have written 54 blog posts (this is the 55th), which is 1 post per week on average. According to Google Analytics, my blog was visited by 810 users. Is it good?

When I started blogging, this blog was hosted by Webio.pl. Now, it is on Azure. My primary domain is jj09.net. I also have two alternative domains:

This blog helps me to summarize stuff I am working on. Additionally, it helps me to improve my writing. I think I am less anonymous in Passionate Programmers World now. Occasionally I find my blog listed on some websites. My post about Multithreading in C# and Java was listed on Geek Reading.

I do not have any specific plans for the second year. I am graduating from Kansas State University in August and I am about to start a new job in September. This, along with moving to a different city, will be the biggest challenge this year.


New domains

Today I bought two new domains for my blog: jedryszek.com and jakubjedryszek.com.

jedryszek.com jakubjedryszek.com

I purchased them on GoDaddy. The price was reasonable ($12.99 per domain for the first year, $14.99 for renewal). GoDaddy is quite a popular service, so I will get many online resources and support from the community.

Are you looking for a domain name registrar? Check Five Best Domain Name Registrars.