Brute force attack on NZTECHIE.COM

Looking through the logs for my website it’s quite common to see 50 to 100 entries per day showing attempts to crack the password on my WordPress Admin panel.  These are mostly compromised systems that are part of automated Botnets crawling the interwebs for vulnerable systems.  Everything seemed perfectly normal with my security plugins detecting and reporting on those attempts, that is until January, when an email from my web host arrived advising me that nztechie.com was churning through too much CPU and overloading the host server.

It was my WordPress admin logon page being hit 27,400 times in one day that started all this.  It wasn’t network bandwidth that was being exhausted but CPU.  After some additional investigation and discussions with my web host we actually found that it was my Wordfence Security plugin causing the issue!  Wordfence is a great security plugin with an excellent spread of features to assist with hardening a WordPress Blog and I thoroughly recommend it. One of those features is a ‘live traffic’ display showing in real-time a plethora of information about your visitors.  Unfortunately this uses CPU cycles (even if you are not actively using it) and with lots of hack attempts it ramped up CPU utilisation to what my host claimed was exhaustion.

At the time I was using the free tier of CloudFlare which reported the traffic (but did not report it as an attack) and did not automatically take any action. Once aware of the attack I manually used the ‘I’m Under Attack’ option in the service’s settings as recommended by CloudFlare.  This option set broadly across a website will further scrutinise all visitors and seems to be very proficient at weeding out and blocking automated Bots from connecting.  With this enabled visitors receive an interstitial page when they initially connect to a protected website whilst CloudFlare performs some automated magic to determine if you’re a human, a crawler, or part of an attacking botnet.  If you don’t have JavaScript enabled then you are not human.

CloudFlare Interstitial Page

After some additional research I found that I could apply this additional protection to specific pages through the use of page rules.  My WordPress login pages are now protected with this and it seems to be doing a great job!  Wordfence is no longer showing the usual daily list of attempts as they are all being blocked at the edge via CloudFlare and I can safely turn Wordfence Live Traffic back on.
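One way to confirm a spike like the one described above from the origin server's access log, and to check that login attempts drop once the page rule is in place. This is an added example, not part of the original post; it assumes the Apache/nginx "combined" log format, the default threshold of 100 comes from the post's usual 50 to 100 attempts per day, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" access log format (assumed; adjust for a custom format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')
LOGIN_PATH = "/wp-login.php"  # WordPress login endpoint

def login_posts(lines):
    """Yield (day, client_ip) for each POST to the login page; skip other lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?", 1)[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.date().isoformat(), m["ip"]

def daily_report(lines, threshold=100):
    """Count login attempts per day and flag days above the usual volume."""
    per_day = defaultdict(Counter)
    for day, ip in login_posts(lines):
        per_day[day][ip] += 1
    report = {}
    for day, sources in sorted(per_day.items()):
        total = sum(sources.values())
        report[day] = {"attempts": total, "sources": len(sources),
                       "top_source": sources.most_common(1)[0],
                       "alert": total > threshold}
    return report

def _line(ip, ts, request):
    return f'{ip} - - [{ts} +1300] "{request} HTTP/1.1" 200 3456 "-" "Mozilla/5.0"'

# Constructed sample lines (documentation IP ranges), not taken from the site's logs.
SAMPLE = [
    _line("203.0.113.7", "12/Jan/2014:10:00:01", "POST /wp-login.php"),
    _line("203.0.113.7", "12/Jan/2014:10:00:03", "POST /wp-login.php"),
    _line("192.0.2.44", "12/Jan/2014:11:30:00", "GET /wp-login.php"),
    _line("198.51.100.9", "13/Jan/2014:00:05:00", "POST /wp-login.php"),
    _line("198.51.100.9", "13/Jan/2014:00:05:01", "POST /wp-login.php?redirect_to=%2Fwp-admin%2F"),
    _line("198.51.100.9", "13/Jan/2014:00:05:02", "POST /wp-login.php"),
    _line("203.0.113.7", "13/Jan/2014:00:05:02", "POST /wp-login.php"),
    _line("192.0.2.44", "13/Jan/2014:00:05:03", "POST /wp-login.php"),
    "truncated or malformed line",
]

if __name__ == "__main__":
    print(daily_report(SAMPLE, threshold=3))
```

Behind CloudFlare the origin log records CloudFlare's proxy addresses unless the web server is configured to restore the visitor IP, so the per-source figures are only meaningful once that is done.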

The problem with NZ Post ParcelPod

For some people, getting stuff delivered can be a bit of a pain if you don’t have a good reliable delivery location.  If you have a work or business address then typically someone is available to take receipt and sign for packages and items that are being carried by a courier company.   I see that a lot of New Zealand online stores do advise customers to use a business address for deliveries in order to avoid the dreaded “card-to-call” when a delivery is attempted to a residential address and nobody is home.

How about another option? Over the Christmas period last year I had a look at and signed up for New Zealand Post’s ParcelPod trial.  In a nutshell NZ Post have a number of secure locations nationwide where you can have parcels delivered.  The pods work similarly to lockers in gyms and recreation centres in that they are shared between users and accessed using a code.  Customers receive a text message and/or email notification that a delivery has arrived along with the code required to open a Pod. The whole process is automated from the user’s point of view and you have a couple of days to pick up the package anytime 24/7.

I was travelling around the country at Christmas time and was due back in my hometown in a few days.  On my time off I noticed that JB Hi-Fi were running a clearance deal on the original Microsoft Surface RT tablet.  I’ve used both Apple and Android tablets extensively and thought this would be a great opportunity to have a look at what Microsoft is doing in tablets in a cost effective way.  For under $300 it looked like a plan.

Within minutes of opening up the JB Hi-Fi website I had dropped this tablet into my shopping cart and was ready to proceed to payment.  I thought this was great, a new tablet and I will be able to try this nifty new ParcelPod service!  Boy was I in for a disappointment.

The primary courier company that JB Hi-Fi uses is Post Haste Couriers.  Post Haste are a direct competitor to NZ Post that are running the ParcelPod system.  On that note Post Haste simply refuses to deliver to a NZ Post ParcelPod.  I’m not an expert on the delivery system but I didn’t see any logistical reason why Post Haste Couriers could not deliver to the ParcelPod.  The address is a physical address like any other.

My enquiries started with NZ Post and the response from the staff member I spoke with on the phone was “we can’t make them deliver to us”.  My next port of call was to speak with Post Haste Couriers.  The response from them was a flat out “no, we don’t deliver to NZ Post ParcelPods”.  My package had been sitting in one of their distribution centres for 3 days in their “problem” pile.

Fortunately for me I was back home by then and Post Haste redirected the package to my home where I had waited for a day to receive the re-delivered package.  In hindsight I could have probably asked to pick it up but their system showed the package bouncing around their mail system so much I thought it best not to interfere further.

So that’s briefly what happened, but what am I actually ranting about?

The problem I see here is when you order something from an online store or otherwise and that company uses Post Haste or another competitor which refuses to deliver to a ParcelPod.  Some online stores tell you which courier company they use but many do not. Some may use a variety of companies so it could be a real hit or miss if you order something and the company concerned has not formed an agreement with NZ Post to deliver to the Pods.

I had a look in depth on the ParcelPod site and they do not provide any list of couriers who will not deliver to them (Update: list of compatible couriers now found on website).  To NZ Post’s credit they do clearly indicate that this is a trial only and I’m a guinea pig in their test.  The trial is currently open and anyone can sign up for it on the NZ Post website.  It’s a very reasonable $5 for 3 months or $10 for 6 months.  NZ Post says that this is a nominal charge simply to test the payment system.  I would expect if they went beyond trial status on this that they would probably bump up the fee.

On a side note I gave JB Hi-Fi a call just to let them know that the primary courier company they use simply won’t deliver to these Pods.  The person I spoke with indicated to me that they would look at adding a note on their website about ParcelPods.  That was in December.  It appears to me that they haven’t added anything to their already quite extensive shipping and delivery web page.

Who is at fault here?  NZ Post, Post Haste, or JB Hi-Fi?  To be honest this seems to fit into that nice little box of it being nobody’s fault.  Without a lot of motivation to improve the system it’s quite likely nothing will be done to rectify the situation.  I plan to reach out to some of New Zealand’s courier companies to find out who will and who won’t deliver to a ParcelPod.

5 Things Orcon don’t tell you about their fibre connections

1. You can’t have a static/fixed IP address yet.

2. You can keep using all your jackpoints. Orcon tells you that you need to plug your phone into your Genius and if you have DECT or other wireless extensions you can use them to allow multiple phones to function.  In fact, you can have Chorus feed the phone connection from your Genius back to your existing splitter and distribute the line between all your extensions.  Everything works as before!

3. Orcon might provision your UFB connection without checking that Chorus have completed the install.  If you’re moving from Orcon DSL to UFB Fibre you might find your existing connection cut off at some arbitrary point when they consider you should be up and running.  I’ve had Orcon Provisioning tell me that they did this to me!

4. The install might take more than one day if Chorus have issues piping the fibre down to your location.

5. There is a known issue with the Orcon Genius firmware version 1400.  This is causing a regular loss of connectivity for UFB customers.  Orcon states that they will be releasing an update to resolve these problems.