The North East Bee Hunt

The Natural History Society of Northumbria are currently promoting The North East Bee Hunt. I like bees, but I don’t know much about them. I especially don’t know anything about identifying them, so I like it when the introduction to the hunt includes the very unthreatening come-on-in of:

Urban or rural, beginner or expert, naturalist or nature lover, everyone can help to increase our knowledge and awareness of bees in the North East.

https://www.nhsn.ncl.ac.uk/activities/the-north-east-bee-hunt/

Well that doesn’t sound scary so I signed up, and also set myself up an account on irecord, the website where records and sightings are submitted and checked.

In these Covid-19 locked-down times, there are worse places to be than in your garden squinting at bees through your camera then trying to work out what they are. The Natural History Society provide an identification guide of the five key species that they’re interesting, although I also found the BTO guide useful too, especially as I found I had a Buff-tailed bumblebee (Bombus terrestris) in my hunt.

It’s a good feeling submitting a record. It’s an even better feeling when your ‘likely’ identification is approved with a big green tick.

I saw two species yesterday, and I think I’d probably recognise them again in an identity parade. Not the individuals, obviously, but the species I think I’d manage.

There were about half a dozen or so bumblebees buzzing around on the willow flowers, about 4 or 5 metres above my head. Zooming in on the photos I had tree bumblebees and buff-tailed bumblebees.

Bombus hypnorum (Tree bumblebee)
Bombus hypnorum (tree bumblebee)

I thought they were all tree bumblebees at first, but after submitting the record it was pointed out to me that I also had buff-tailed bumblebees.

Bombus terrestris (Buff-tailed Bumblebee)
Bombus terrestris (Buff-tailed bumblebee)

Another layer of security for WordPress

A simple way of deflecting brute-force attacks is to require an additional password to access the WordPress login screen. Lots of security plugins will do this for you, but again, sometimes it’s better to DIY.

I put a .htaccess file in the wp-admin directory and that almost completely worked, but mystifyingly, and irritatingly, there would be regular failed login attempts. Not very often. About very 20 minutes or so. But I was irked (I tell you), as I couldn’t work out why they were happening.

My .htaccess file looked a bit like this:

<RequireAll>
AuthName "my site"
AuthType Basic
AuthUserFile <myauthfile>
Require valid-user
</RequireAll>

A few searches made references to differences between apache 2.2 and 2.4, and I thought that perhaps it was a syntax thing. But that didn’t seem to be it.

I did two things in the end, so I’m not sure what fixed it.

  1. I modified the .htaccess entry to specifically reference the file wp-login.php.
  2. I moved the .htaccess file to the parent directory.

So the relevant code looks something like:

<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secret stuff"
AuthUserFile <my auth file>
Require valid-user
</FilesMatch>

Disable xmlrpc.php

Thanks to the Simple History plugin, the first thing I noticed on my new WordPress install was hundreds of brute-force login attempts:

Anonymous user from x.x.x.x 4:25 pm (less than a minute ago)              Failed to login with         username "dougie" (incorrect password entered) warning       Showing 212 more     

And then more alarmingly, immediately the same thing on a new test user I set up a few minutes later. Of course, just because frustratingly I can’t work out how the attacker extracts the new WP username immediately doesn’t mean it ain’t happening. But the attack vector, so to speak, was the xmlrpc.php file.

Several ways to tackle this, and initially I used a security plugin to fix it. But given the choice, I’d rather do things like this manually so I have a better idea what’s going on, and maybe learn something too.

I pasted the code suggested from https://www.hostinger.com/tutorials/xmlrpc-wordpress into my .htaccess file:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from xxx.xxx.xxx.xxx
    </Files>

changing the allow from to the static IP for my regular connection, although strictly speaking I don’t think I need that and will try taking it out altogether sometime.

Publishing failed – JSON error

Migrating WP blog to my VM. New install of WordPress. Test posts with Guttenberg (Block) Editor. Following error:

Publishing failed. Error message: The response is not a valid JSON response.
Publishing failed. Error message: The response is not a valid JSON response.

An interesting rabbit hole. Lots of searches rightly suggested that using the classic editor would get round the problem. Or that by changing the permalinks settings to Plain would fix it. It did, but not much help if you want your permalink settings set to something else.

Eventually I discovered that the issue for me was with the .htaccess file not being processed, which was fixed by adding something along the lines of

<Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

to the /etc/apache2/apache2.conf file (on Debian Buster). This worked for me, but I get the impression it’s better practice to edit the files in /etc/apache2/sites-available instead for any local code in case apache2.conf gets overwritten on an upgrade. Probably also need to do a:

a2enmod rewrite
systemctl restart apache2

So for me the cause of the error message was quite obscure. Useful link:

First attempts with trailcam

I do a lot of tinkering with webcams and raspberry pi’s. This works after a fashion but I decided to finally invest in a proper trail camera. The difference in quality is significant.

The camera I’ve bought is a Browning Recon Force Advantage from Nature Spy, and so far it’s looking promising. I’ve still got a bit to learn though. My main surprise is how much ambient light is needed before the camera stops using Infrared. The following video was, according to the timestamp, taken at 11:21AM today, and all the preceding videos are in infra red.

Admittedly it’s a wet, dreich day, and natural daylight hasn’t been in abundance anyway. Plus, the camera is strapped to the trunk of a Leylandii tree and I’m wondering whether the branches are casting shade over the camera’s sensor, despite the main capture area being relatively open.

After 11:21 the camera flips to daylight and suddenly there is colour.

No real surprises in the captures. Grey squirrels, magpies and crows. And it’s given me some ideas about the capture area. I think I’ll put it on that Katsura tree tonight (the one with the dangling yellow cable) and point it to the big tree stump.