Stress-Free Trader (The Lawrence Chan Blog)
Full-time index & forex trader and occasional consultant to hedge funds / institutions; my work leads to my not-so-normal view of the financial markets. My blog mostly talks about trading, market behaviours and other musings.
Originally this blog was supposed to be organized as a separate website, as most authors do, but I don't think I would maintain it properly that way. So here it is as part of this website.
Another day of hard work with some experts on WordPress security. After analyzing many days of the website's access logs, I’ve learned quite a number of tricks the bots are using. There are actually quite a number of different bots out there ready to exploit any website, and surprisingly not that many site owners are aware of the vulnerabilities of their websites.
Before the latest round of attacks last week, I was a believer that we had done a good job protecting it.
I was correct that daytradingbias.com is secure from those bots that are designed to hack the site for client information. Our design has taken good security measures into account, thus there was never a problem in this area.
I was also correct that our site is secure from hijack attempts. We’ve done a good job making it very difficult to gain control of the website. Many of these bots do not really care about stealing things. They want to control the servers so that they can use them as drones to attack other websites, important websites.
In other words, website owners who are not prepared would cause the servers hosting their websites to be hijacked for malicious purposes.
After patting my back, let’s talk about the part where I was dead wrong. What we failed to address was the security measures for limiting the content-stealing bots. I thought we had done enough, but reality hit me hard. It was these bots that brought down our site from time to time. It is an eye-opener learning how they function, with all these ways to scan and steal content from websites.
Not just my website but also the ones belonging to many major companies are being attacked by these bots every day. I was shown how they work, and the fact that they work efficiently on these brick and mortar websites tells me there exists an industry of content stealing. Remember, the majority of these looting bots do not even know what they are looting. They just do it on a mass scale so that, once in a while, they would hit something useful or valuable.
For the big companies, many of them have put lots of resources behind their websites. Thus it is not likely their websites will be affected significantly. For websites like daytradingbias.com that are not prepared for heavy traffic, it is a different story. The brute force attack to loot the content can overload the servers quickly.
These bots are not very patient either. They scan for weaknesses, loot at high speed, and then target the next victim.
I make it sound like real-life robberies, don’t I?
At this point, we’ve added many security measures to safeguard against these attacks. I cannot talk about the security measures taken because they are trade secrets that the security experts prefer to keep under the radar so that the techniques can stay effective.
I feel better, at least for now, after this ordeal.
Since the afternoon of April 9th, our site was not accessible because of the necessary changes we had to make to our domain name server. We have arranged for our website to be guarded by a 3rd party service against the ever-escalating attacks on our site. It was supposed to be a simple change, and once the information had propagated through the internet the site would return to normal. Well, that was what I thought.
When A Server Goes Haywire, It Becomes An Adventure
Instead, we went through a 30-hour marathon of emergency repair.
One failure at one end point turned into another failure at another part of the server. By midnight we knew the site was beyond repair, thus we went for restoration of our website from backup. We managed to piece together a barely running website at around 9 am Eastern Time. Talk about perfect timing there.
The backup of the website we have has posts and other content up to April 8th in the morning. The rest of the site has to be reconstructed and reconfigured so that the site can run smoothly again. Many thanks to the tech support team from our hosting company servint.net. They pulled us through every obstacle throughout the ordeal.
There Are Two Good Reasons For Going Into So Much Trouble
The way our site is being harassed by spam bots, hostile crawlers and pure evil DDoS attacks has been growing quickly since mid-2013. Although we have done a good job in protecting our website through standard measures, they are by no means enough to handle the hostilities at the current level we have witnessed.
We have several choices to deal with the problem. I picked the one that is most scalable. Should there be more attacks, our site will have a much better chance to survive. Since we are offering premium services, it is the least we can do to ensure our premium members can access the premium reports and real-time tools.
By having the protection service in place, it also improves the overall efficiency of our server because it is also a CDN (content delivery network) service. It means that the real-time bias reporting tool I’ve planned to release will be able to deliver real-time signals and biases on time even under tough server load conditions. This second reason alone is good enough for me to take the steps we’ve taken to secure the site.
At this point daytradingbias.com is fully functional with a few exceptions due to the outage that happened on and off since April 8th.
The exceptions are:
1. Part of the real-time commentaries transcript from April 8th to 10th is missing. We should be able to pull out the records from another backup and have that restored by this weekend.
2. The posts I made over the past 2 days were missing but I managed to find my local copy. I have them uploaded to the site already.
3. Some forum comments and comments on articles are now gone. Depending on the progress of data recovery over the weekend, we may be able to restore the messages, but I do not have high hopes for that due to the complexity.
4. Some of the premium reports for April 8th – 10th are missing. The premium reports for April 11th (tomorrow) are all posted properly today.
5. Ad placements are all missing because their database records were destroyed by the server side changes. Obviously the server has a distinct taste in which computer records to destroy. All my articles and reviews are intact but the ads were wiped out.
Thank you all for being patient with us when the site was down.
While I was away today I received a message from my guys that daytradingbias.com was under attack again. This time, thanks to our effort in beefing up the overall protection of the site, it did not go down and survived the incident. It is something to be proud of. Thousands of hits and the server took it like a great fighter and stood its ground. The problem, however, is that it is affecting my plan to launch our real-time trading tools.
The site was slowed down significantly, meaning all visitors accessing the site at the time will feel the impact. I have to study the impact of such a slowdown in overall server speed to make sure it will not affect the performance of the real-time tools. It is just another challenge to overcome.
Worst case scenario, I will rearrange the real-time services through a special secure server so that no one can attack the server at all. It will be costly but will also guarantee the performance.
I am in talks with some experts on the issue. A decision will be made as soon as I figure out which way is the best option going forward.
Google The Latest Casualty Of Hedge Funds' Moronic Behaviour
2014 Apr 6 Sun 12:14:33
The irrational investors always make the same mistakes again and again because they act on their emotions. The funny thing is, many hedge funds behave exactly the same way, for a completely different set of reasons. Over the past two weeks, the massive unloading in Google confirms how unreasonable both average investors and hedge funds can be.
What Happened To Google Since Beginning Of March 2014
Following is a simple daily price chart on Google.
Below is the sentiment among the Stocktwits members over the past month.
Notice how the sentiment among the average joe traders surged in late March to early April while distribution was in progress.
Price pattern anyone? Classic bear flag right there. Bear flags and bull flags are continuation patterns. They are basic patterns any properly trained chart reader would not miss.
The outcome, of course, is further selloff.
As in the classic Wall Street speak, these Google fans are married to their positions.
The Cornered Hedge Funds
As reported by various sources, Google is one of the top holdings by the major hedge funds.
Notice that it was also one of the few names at the top of the list where these hedge funds are showing a profit.
If you were running a hedge fund, would you make the objective decision to cut losses on your biggest positions even though that could be the correct decision to make?
Of course not. Cutting losses on size like this will destroy the performance of the funds and in turn trigger redemption from investors. The logical decision is to ignore the risk and pile on more money on the losing positions to hope for the best.
The funds are cornered to make bad decisions because the slim chance to turn around the situation is better than taking the route of sure destruction.
These hedge funds are not married to their losing positions by emotion. They are married to them by logical, although not necessarily ethical, decisions.
Sell The Winners To Free Up Cash
In order to sit on the losers, the hedge funds have to find cash somewhere.
They do exactly what the irrational investors usually do by selling the winning positions to get more cash to maintain their margin requirements. If there is extra cash freed up from the winning positions, they average down on their losing positions and hope for the best.
That’s why the top holdings of the major hedge funds that are still profitable are being hammered. Once one of these funds started to unload, the rest of the hedge funds have no choice but to unload too because they need to book a profit on their positions. They do not have a choice.
This is exactly why the bear flag was showing on the Google daily chart in late March to early April.
A Repeat of What Happened to Apple
I warned back at the end of January that the situation of Google is very similar to that faced by Apple.
I received quite a number of hate messages since. It was obvious to me that many people are investing in Google irrationally and emotionally. It is, by itself, a big warning sign.
Stock trading, especially trading the big names, is no longer a single dimension thing. One cannot look at a single metric like fundamental data and assume the world will behave according to your beliefs. What happened to Apple and Google is a wake up call to all investors.
Money flow matters. What the biggest players are doing to the stocks matters.
I was talking about the release of the Real-Time Bias Reporting tool for a long time.
I always thought that we could make it by the end of the 1st quarter of 2014.
Well, we missed it but I am still happy about it.
Consider what happened to DaytradingBias.com website over the past few weeks:
Talk about Murphy’s Law on steroids!
We scrambled to take care of these security loopholes and weaknesses. I recognize that it is extremely important to make sure daytradingbias.com can run smoothly 5/24 since traders will depend on the trading tools we are going to deploy. There were so many things we had to do that we had to suspend work on everything else to focus on resolving these issues.
Our effort has now paid off:
It was difficult over the past few weeks to get all these things done.
But isn’t it better to have these issues taken care of before it is too late? I think so.
We can now focus on our regular schedule, finally.
The One Character Trait That Predicts Trading Failure
2014 Mar 24 Mon 23:54:09
Since I posted the original news about our site being attacked, there have been many more attempts to bring down our site.
We’ve been in touch with our web hosting company and extra measures are being taken to help us defend the site. All the work done these two days should be sufficient for now to keep our website in good shape even under the same kind of attack. Hopefully this wave of attacks will end soon.
The attack is not limited to our site only, as a large scale attack on all WordPress-based websites started at the beginning of 2014. Early this month, several websites belonging to large companies were taken down for hours to several days.
Our original defense mechanism was able to fend off many attacks (every day more than a few thousand tries). But the problem has escalated to bursts of several thousand hits within minutes, many times lately. That stalled our server, making it inaccessible to regular users and members from time to time.
We’ve done all we can within such a short time period. Should we find that these attacks continue to affect our website, we will expand our resolution to include more sophisticated technology to deal with the problem.
Sorry for the inconvenience.
So far there is no report of Internet wide attack on websites powered by WordPress today.
We’ve done enough basic measures for now to protect the website. However, we have to dig deeper to beef up the security measures so that the attackers cannot slow our site to a crawl again.
If we are going to install server-side software, it will be done after 11 pm Eastern time. It should not last more than an hour or two.
Sorry for the inconvenience.
Don’t get too drunk, the markets are open today!
We’ve got a partial update on the research and article section today.
It is not fully updated yet because I have not spent enough time to browse through the several hundreds of articles with proper tagging.
The partial update at least made more articles easier to access at this point.
Check it out yourself – Research section.
Will keep you all posted when I complete my part of the update.
p.s. I was told that I am slowing their work down … can’t help feeling old among a bunch of young adults.