Peaking at No. 3 on the Billboard Dance charts for the single ‘F$ck Your Boyfriend’ produced by Ralphi Rosario, Frankie C. has teamed up with The Klassiks to deliver a massive new anthem. With powerful vocals, infectious melodies, throbbing basslines, and pulsating beats, this track is not to be missed.
Website security? Not a topic we usually cover here on the station, but we know a lot of the DJs, shows, promoters and many others all have websites that run a CMS like WordPress.
We moved away from WordPress recently and now run our own bespoke PHP site, mainly because there are many things we wouldn't be able to accomplish using just one CMS. (While our site still reports as being WordPress, it is in fact bespoke PHP and a lot of extra things all melded together, some online and some offline, that drive and maintain our scheduling of shows and our own content created by us. We don't just post #Nowplaying! or retweet other people's posts with a “bot” program like others, and we even have a registered office where our studio is located!) We're not just an online station, we have evolved past that!
So why the Security post!
So why the website security post? Mainly because over the past year or so we saw an ever-increasing number of attacks on sites that run WordPress. In the past 24 hours alone (04/04/2017), Wordfence (a security plugin for WordPress) reports some 40,000,000+ attacks on sites running WordPress! Most come from the ever inept “script kiddies”, some are far more serious, but the constant attacks consume server resources, which slows things down for “real people” trying to actually access content from us. That means slower page retrieval for people wanting info on the DJs, the shows, us, etc. Everything our server has to do takes away a bit of speed that could be used to serve content to a genuine person, not “bots”, “scripts”, “site rippers”, “content stealers”, “crawlers”, “spiders” (there's loads of them!) or someone trying to hack the site!
The first thing you should do is always update to the latest version of WordPress and any plugins. Then we totally recommend Wordfence: “out of the box” it's OK, but it can be much, much better if you add some custom rules and common attack locations (listed below!). We also recommend the Google Authenticator app (meaning you need your phone to generate the 2FA code to access your site!). We tried blocking attackers with .htaccess, but to be honest that's a never-ending task with an ever-growing list (that will also slow down your site access speed). It's better to deny access to anything you want to protect to anyone other than you (your IP!), it's just easier!
The best way to achieve this is to just deny access to some files or directories from anything other than your own IP address. Sure, it can be tiresome to have to open an app on your phone or update .htaccess with your new IP address (if it changes), but weigh that against the security of the site and the content you've spent ages making and you'll find it's totally worth a slower login or an FTP upload to update the .htaccess file!
Wordfence falls short in that it fails to prevent access to your basic login page on WordPress, which means your WordPress login page is forever exposed! Even if you try to use another plugin to “hide the login”, chances are that because of the way Wordfence works it will expose your login.php to the world, or worse yet it will break (totally a bad thing in our opinion!). Even a basic login.php hide plugin prevents more attacks than Wordfence! Why? We're unsure (we suspect it's because Wordfence collect the attack data and use it to mitigate evolving threats). Why would you write a security app and have a premium and a free version? Maybe the premium version allows you to hide your login? Don't misunderstand us, Wordfence is a great plugin, but like all things there is still room for improvement, i.e. hiding the login and admin areas except from your IP; maybe they could even allow you to whitelist or block IPv6 by CIDR as well in the future? But security issues are not limited to just Wordfence! Even WordPress exposes your login when you add a post. (HINT: never make posts from an admin account! Always post from an account with lower privileges! That way, even if your posting account is compromised, they won't have access to change too much!)
How do I do it already!
Common attack locations!
Listed here are the most common attack locations we have found, with most attacks seen across several websites. Please don't just blindly add them to the Wordfence blocked URL list without at least making sure your site still works afterwards! If it doesn't, or you get locked out, you can access your site via FTP, rename the wordfence folder and log in again. You'll need the WF Assistant plugin to deactivate the firewall blocking rules before you rename the wordfence folder back to its original name, and then reset the blocking and firewall rules manually.
Worth blocking as they're the most hit “vulnerable pages”, and hits like this take up resources!
This is not a comprehensive list! There are thousands more in our list, however it's pointless to try and list them as they change so often. That said, wp-login.php is most certainly the favoured attack vector of kiddie scripters who just use brute force bots.
Second is how to prevent access ( most important!)
Listed here are some of the .htaccess rules that will block access to your wp-login etc. “YourIPaddress” should be changed to your own IP address, which you can find here: Whats my IP
These should work even if you're not running a WordPress site and can be used to protect any pages and folders that you don't want others to access, for example if you have phpMyAdmin installed.
For these to work you will need mod_rewrite turned on:
Our belief on this is that an error 410 (page no longer exists and isn't ever coming back!) is far better to return as a header than, say, a forbidden error! Why? Well, if we were to program an attack bot we'd include a “410, escape to next site” routine! A forbidden only serves to show that the page exists and they should continue to try! Why the double entries? That's because one stops it from a root perspective and the other from any location, masking any location with the same response!
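The station's own rules did not survive on this page, so here is an added example (ours, not the original) of the approach described above: mod_rewrite answers 410 Gone for wp-login.php and a phpMyAdmin folder to every address except one. The address 203.0.113.10 and the `phpmyadmin` directory name are placeholders, and a single `(^|/)` pattern covers both the root and the "any location" case.

```apache
# Added example, not the station's original rules. Goes in the site root
# .htaccess, above the "# BEGIN WordPress" block.
# 203.0.113.10 is a placeholder (documentation range): use your own IP.
<IfModule mod_rewrite.c>
RewriteEngine On

# wp-login.php at the root or under any sub-path: everyone except the
# allowed address gets "410 Gone" ([G]) instead of the login form.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteRule (^|/)wp-login\.php$ - [G,NC]

# Same treatment for a phpMyAdmin install (directory name is an assumption).
# A RewriteCond only guards the next RewriteRule, so it is repeated here.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteRule (^|/)phpmyadmin(/|$) - [G,NC]
</IfModule>
```

After uploading, request /wp-login.php from a different connection (mobile data, for example) and confirm you get a 410, then confirm you can still log in from the allowed address. If the site sits behind a CDN or reverse proxy, REMOTE_ADDR is the proxy's address, so the condition only works once Apache sees the real client IP.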
There are of course other ways to achieve this. You can block by:
and with the correct conditions and rules achieve pretty much what you wish, but the above simply worked for us!
We were running many more things as well before we moved, but this was the easiest to achieve and implement to negate the attacks by these people. We hope it helps you all too! #Staysafe
By no means is this a comprehensive list! It's just what we found killed off the most common attacks. You should protect yourself against those at a base level and work from there on what's unique to you!
OK, we don't promise it will work for you! But at the very least it will certainly cut down those retarded “script kiddie” hacking attempts on your WordPress site! If you have comments or amendments, why not drop us an email: firstname.lastname@example.org or leave a comment.
Nia Orea is a genre-bending music producer based in the UK. Her first single on the Teknofonic imprint showcases her passion for music production. Flawlessly constructed, the track is chill and vibrant, making it a must have for your late-night or more subdued playlists.
Colombian producer Anndres Orttega returns to the Teknofonic imprint to release an action packed new single. Filled with pulsating beats, driving bass, and sizzling synths, this Trance banger will get you moving out on the dance floors.
Time for another podcast from the hallowed halls of StudioSoundsRadio!, Gracing the ones and twos for February we have another guest mix from the one and only Anthony Murphy!, fire up your podcast app and get on it this ones straight out the top quality drawer!, you can check out all about Anthony here: http://www.studiosoundsradio.com/anthony-m/ there you can find out all the info about this great Dj Coming out of Cork Ireland, all we can say is enjoy the sounds!
From all of us here, we wish you a very happy Christmas and a peaceful and prosperous New Year 2017 🙂
Special thanks to everyone we have worked with over the year, all of your help and support has been greatly appreciated.
Owing to a scheduling screw-up this week you may have missed the Sunset from Holland show by Dennis R. To redress the balance we are posting the show that aired (Sunset from Holland ep 172) here on our podcast so you can listen at your leisure.
you can find out more information about Dennis R and the Sunset from Holland show here
Over the course of this weekend (12/11/2016) we have completely rewritten our entire website with a brand new look and feel together with a brand new layout. Some features remain the same, some are new! Some things look the same but procedures differ! Pay close attention to the changes, they are what makes the difference.
We will be adding an adjusted schedule over the next 24 hours which will see several shows move to times that we feel are more appropriate for their show. We will not enter into any discussions about why shows have been moved or why they were moved to new times; it's what we feel is best for the station following our monitoring and research over the past month.
We always try to do the best for our shows and DJs and constantly promote them, as we put in a lot of work making images, pages, scheduling and airing (all of which costs us money that we never charge to the listeners or the DJs, we foot the bill ourselves!). We will be focusing on becoming the best we can, to generate likes, follows, reposts and interaction; it's why we do what we do after all! No one is so big that they can't share a post!
So with all of that in mind we now have the pleasure of presenting this weekend's serious hard work to you the listener! Please let us know what you think by emailing Contact@studiosoundsradio.com, and let us know if, what or why we can change something else to make the station better! After all, it is your station, and we listen to what you say to make things better for everyone!
Episode 14 of the Mixtape Mondays show experienced some disruption yesterday due to a technical fault here in the studio. We apologize for the inconvenience caused to certain viewers. To ensure you stay up to date and can hear the latest episode, it will be available here or from our podcast feed too.