Backpack modification update – Hyperlite Mountaingear 4400 Southwest

I’ve spent some more time with my Hyperlite Mountaingear 4400 Southwest backpack modification. I’ve redone parts a few times because it looked bad.

For those that haven’t read my previous post, I am attempting to add d-rings to the shoulder straps so that I can hang a separate camera bag.

Not to be a downer dave, but I’m a little irritated that my sewing was slightly off with some of the webbing. I also made ample mistakes that still irritate me but I think I’ve saved it :).

The bit near the d-ring isn’t complete, that’s why it looks a mess. The carbon fibre rod still needs to be trimmed and I’m probably going to add a few of those bright green things. They look cool.

It’s not yellow, the lighting in my room is bad. I took this with my phone (I’m lazy.)

Zebralight H600Fd Mk IV review incoming

I have great news :). The Zebralight H600Fd Mk IV is in stock as of this morning and I have ordered one. I’m not 100% sure when it will arrive but I’m looking forward to trying it out. It’s something I want to review, as it’s a high CRI light and it might be quite useful for photography as well as the obvious.

Hyperlite Mountaingear 4400 Southwest backpack modifications and update

This year is going by quite quickly already! There’s only a few months to go until I leave to hike the Great Divide Trail in Canada :).

I’ve been busy with a few things, many mistakes have been made and hopefully you can learn from my losses, haha.

After examining my Hyperlite Mountaingear 4400 Southwest backpack, I’ve thought about various modifications. We can all pick fault in something, so don’t think of this as me saying the backpack isn’t good or something like that. As stated in a few posts now, I’ve been trying to attach a camera bag to my backpack. A camera inside a backpack on a through hike is basically a lead weight–it won’t get used.

A shopping list will be provided at the bottom of the page…

As you can see, I’ve started by sewing something near the shoulder straps at the top. The reason for this is that the webbing on the shoulder straps themselves doesn’t look super durable and I wouldn’t trust it to hold the weight of my camera (Sony a7rII and a 24-70 GM lens, plus the weight of the bag.) This camera combination is already quite heavy and I think you should forget a heavy DSLR with a 24-70mm f/2.8 lens (the extra few hundred grams will make a huge difference and it’s much easier to put a few extra batteries in your backpack i.e. offset the weight somewhere else.) If you have the money, I’d advise getting the 16-35 f/2.8 GM lens instead (assuming you’re okay with that focal length too.) It was out of budget for me and I want to bring a Zeiss Loxia 21mm f/2.8 as well, anyway, I digress…


Instead of cutting long pieces of webbing and then trimming them to size, I tried to make them the right size to begin with and I ended up with barely any material to play with. I’ve never sewn anything before and I feel like a complete idiot really. It was a stupid mistake to make.

The white you see under the webbing is white velcro, and I’m going to change some of that. The loose thread is because I haven’t finished, and if you notice the overlapping webbing on the left is shorter than on the right. I will tidy that up by trimming the excess on the right, but you get the general idea. Like I said… I’m an idiot, haha. I won’t be making that mistake again. In the middle is a carbon fibre rod and then more webbing with a d-ring on the end. Something I’ve found quite useful for preventing fraying and other things is to use a soldering iron. It’ll make the soldering iron messy and obviously a heat gun is better, but it works quite well.

The theory behind this Hyperlite Mountaingear 4400 Southwest backpack modification is that it will pull weight from two points on either side. I can then attach the camera bag to these straps. The extra weight is negligible and it feels pretty comfortable.  The two pieces of webbing coming down could be a bit longer or a bit shorter. I wasn’t 100% sure where to put them or how long to make them, all I knew was that if they were the wrong length, I would risk cutting into my neck or shoulders. I think they could possibly be slightly longer… Again, I wouldn’t have had this problem if I made the webbing longer to begin with. I’d have never made this mistake with carbon fibre or metal, so I don’t know why I made this mistake with sewing. I think perhaps because I don’t have much webbing, I was afraid of using too much… Who knows.

At the moment, the carbon fibre rod is loose. One solution is to wrap some cuben fibre tape around it and then sew through the excess tape, another idea is to epoxy one piece of webbing to the carbon fibre. The webbing in the middle has to be able to rotate but equally the carbon fibre rod cannot slide through and fall out, otherwise I’ll be a little unhappy.

Sewing through tape isn’t my favourite thing to do because the glue sticks to the needle. I’ve been using a speedy stitcher sewing awl with a fine needle. The needle has to be bought separately. If you’re from the UK, I’d buy it from eBay.

In the photograph above, you can see the carbon fibre rod is a bit long, I’ll sand the excess later on. It’s certainly not my finest work, but when I finish it, tidy it up and whatnot, it should do the job quite well I think.

I’m going to stick some d-rings near the excess shoulder straps too, as well as one more, on each side, around the hip belt. This will allow room to attach lightweight items or the second points on my camera bag to prevent it from swinging everywhere.

Here is the top of the Hyperlite Mountaingear 4400 Southwest backpack, and as you can see it has a strip of 20mm velcro. In my opinion, this is probably unnecessary most of the time. It does help to get the bag lined up but it’ll probably shred a fleece or whatever. I’m uncomfortable removing it so I’m simply going to cut some extra velcro and leave it there.

Shopping list:

  • Speedy Stitcher Sewing Awl
  • Speedy Stitcher Fine needle
  • Bonded Nylon #69 black thread
  • 20mm Webbing
  • 20mm White Velcro (for backpack)
  • 20mm Black Velcro (for webbing)
  • 20mm D-rings

I bought my d-rings from eBay. These are 20mm Nexus D-rings.

On a completely unrelated note…

The size 13 bushido remains to be my favourite shoe of all time, but the high arch is painful for me. Bitcoin has dropped in value, and I’ve had duplicate customs charges (one item I received was damaged.) It’s a difficult process getting a refund, and I’ve had a string of bad luck lately. I must say that ZPacks were very helpful in replacing my item.

Some other shoes I have tried… Arcteryx Norvan, Salomon XA Pro and Salomon X ultra 3. The size 13 Salomon XA Pro’s seem to fit quite well.

Camera bags for the Sony a7rII, Sony a7rIII or the Sony a9

I’m considering buying a Sony 24-70 f/2.8 GM lens and I’m looking at a small bag to be used with my Sony a7rII and my hiking backpack i.e. I’ll have a little side bag.

I originally planned for the PCT and would be bringing a Zeiss Loxia 50mm f/2.0 lens or a Sony Zeiss 55mm f/1.8 lens; therefore, my Lowepro Toploader 45 AW II would work perfectly. Unfortunately, judging from the measurements, the Sony 24-70 f/2.8 GM lens won’t quite fit! I’m probably going to get a Lowepro Toploader 50 AW II as it’s slightly bigger but not too big.

Anyway, after re-reading my camera bag photography reviews (12 and 3), I’ve decided I definitely need to re-write them. I’m awfully lazy when it comes to writing reviews but it makes me look a bit stupid / like a slob, haha. I can’t promise when I will get around to re-writing them as I have hurt my arm and it’s a bit painful to type. I will try sometime in the future.

I’ve also bought another bag since then as well, a Crumpler Muli 7500, which I also highly recommend. When I get the Sony 24-70 f/2.8 GM lens, I will see which bags it fits in and let you know if it works in this too.

WordPress XMLRPC Bruteforce & Spam

There’s an incredible amount of trolls/spammers/hackers on the internet and even if your site isn’t that popular, don’t underestimate the amount of bots and whatnot that’re about.

One of the most recent attempts has been from the IPs “” and “” (by the way; I would never disclose an IP address of someone whom I believed to be innocent, so if your computer has simply been hacked send me a message and I’ll remove this!) I’m quite often having trouble with IPs in the 185.*.*.* range, and it’s really amusing but also a bit worrisome you might think.

The quickest way I notice suspicious behaviour is when my website receives a lot of hits from a specific IP address.  If you’re not too tech savvy, I suggest installing the WP Statistics plugin. You’ll be faced with a list of IPs on the overview page and you’ll see the hits an IP has there:

Rank	Hits	Flag	Country	IP	Agent	Platform	Version
1	633	Unknown	Unknown	MSIE	Windows	7.0
2	278	Unknown	Unknown	MSIE	Windows	7.0

Accessing the access log will typically give you a rough idea as to what’s happening, for example they might be using an xmlrpc.php exploit. You can view the log using nano:

nano /var/log/httpd/access_log

Once in the log, search for the IP address and you’ll be faced with the user’s activity: - - [01/Nov/2017:13:53:08 +0000] "POST /xmlrpc.php HTTP/1.0" 200 394 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" - - [01/Nov/2017:13:53:08 +0000] "POST /xmlrpc.php HTTP/1.0" 200 394 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" - - [01/Nov/2017:13:53:09 +0000] "POST /xmlrpc.php HTTP/1.0" 200 394 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"


The lazy way to deal with them using CentOS (or any operating system, but this won’t work with all operating systems) is to firewall them:

firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address= reject"
firewall-cmd --reload
firewall-cmd --zone=public --list-all

Unfortunately, this can be problematic if your site is extremely popular as someone else can use that IP address (if it’s dynamic) and you’ve blocked them from your site. They can also change IP address, but there are benefits to simple IP firewall bans (I’ll speak more about that soon.)

Another method is to add these lines to virtualhost:

    <^><files xmlrpc.php>
      order allow,deny
      deny from all

I did something slightly more crafty though. Rename the xmlrpc.php file or make a backup of it and delete the old:

cp xmlrpc.php xmlrpc.php.backup
rm -rf xmlrpc.php
nano xmlrpc.php

Then in nano, add a redirect:



With the XMLRPC exploit, people are using your website to send spam information and it becomes a bit like what’s called a “botnet.” Using this method, when something malicious connects to the xmlrpc.php page, it gets redirected to the home IP.

I said there’s benefits to simple IP firewall banning, and there is. If a user is targeting you specifically (attacks like these are very rarely personal, but trolls are another matter), then an IP firewall demonstrates you’ve attempted to ban the perpetrator. The ban doesn’t have to be perfect for you to prove you’ve made ample effort to get the perpetrator to leave you alone. Actions you take might also have an equal and opposite reaction. For example, editing the xmlrpc.php file in such a way means that plugins which rely on it might not function at all. Jetpack is one of these plugins for example. You should never reveal your hand, and you should always appear weak. A simple IP firewall might be easy to circumvent, but you can show an access log to an ISP and it’s proof enough.

The benefits of running your own webserver

Obviously it might be considered a hassle to have to worry about trolls, spammers, hackers, people trying to bruteforce you, etc. but the benefits outweigh the cons, for me.

For example, facebook or any popular site could have something negative happen to it to cause information to get lost. Correct me if I’m wrong, but I don’t believe they have a legal obligation to backup your data if you’re not paying and even if you do pay for a service e.g. squarespace, unless it’s specifically stated in the contract, I don’t believe they have to backup your data. Even if they do backup your data, it’s not necessarily easy to put that data into a usable format. With running your own MySQL server and whatnot, it’s relatively easy (it’s one command line) to save the database.

You also have access to log files and while this might be available for other services (I’m sure it is with some), it’s a lot easier to access if you own/manage everything. In the event you get targeted by a specific person, you have access to the logs–they give you more information than a simple IP address. Hosting is also a lot cheaper if you manage everything–as it should be, it’s costing you time. If you have a lot of time but not a lot of money, this method is better, in my opinion. If you’re experienced with computers, it might also cost you less time than if you signed up for a service like square space.

I don’t make much from this site after server costs and I’ve only received the one donation–thank you by the way–I put 100% of that towards a charity, but I like to keep costs down regardless :).

Strange DDOS attack

Rank Hits Flag Country IP Agent Platform Version
1 591 Unknown MSIE Windows 7.0
2 589 Unknown MSIE Windows 7.0
3 571 Unknown MSIE Windows 7.0
4 566 Unknown MSIE Windows 7.0
5 547 Unknown MSIE Windows 7.0
6 517 Unknown MSIE Windows 7.0
7 492 Unknown MSIE Windows 7.0
8 138 Unknown MSIE Windows 7.0
9 138 Unknown MSIE Windows 7.0
10 138 Unknown MSIE Windows 7.0

It’s funny, I’ve recently had spam requests trying to guess my admin password for the CentOS server I use to run this website. I can only assume it’s some kind of bruteforce attack.

Then even more recently, someone’s tried to trouble me with this attempted DDOS attack. In my opinion, as oxymoronic as this sounds, security through obscurity isn’t really security at all; however, WordPress is extremely popular and there are ways it can be violated/exploited. This specific type of attack probably wouldn’t exist if WordPress wasn’t so popular. I suggest reading about the “Disable XML-RPC Pingback” plugin and installing it.