HToD
Moderators: Freakzilla, ᴶᵛᵀᴬ, Omphalos
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Chig has fixed it today.
Eat my rabbit nugget poopoos, bastard hackers!
It was just the blogs that were hacked, by the way, not the whole site.
Pretty stupid hackwork, too, considering how obvious it was that something was up from the way they did it, which knocked out the CSS layout and everything.
Fortunately it wasn't something really destructive like blanking the database entirely.
Eat my rabbit nugget poopoos, bastard hackers!
It was just the blogs that were hacked, by the way, not the whole site.
Pretty stupid hackwork, too, considering how obvious it was that something was up from the way they did it, which knocked out the CSS layout and everything.
Fortunately it wasn't something really destructive like blanking the database entirely.
- TheDukester
- Posts: 3808
- Joined: 20 Jun 2008 13:44
- Location: Operation Enduring Bacon
Re: HToD
Wow, what a farce.
Any suspects? Any evidence pointing to the Friends of James Harwood Society?
Any suspects? Any evidence pointing to the Friends of James Harwood Society?
"Anything I write will be remembered and listed in bibliographies on Dune for several hundred years ..." — some delusional halfwit troll.
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Nah, I don't think they're that talented.
None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.
No biggie, this time.
None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.
No biggie, this time.
- Omphalos
- Inglorious Bastard
- Posts: 6677
- Joined: 05 Feb 2008 11:07
- Location: The Mighty Central Valley of California
- Contact:
Re: HToD
How do you back your site up? Im sure I could arrange a nightly backup of structure and db to a remote site if you would like. Actually, Raggy has all our sites backed up on cloud servers. Maybe you could do that?SandChigger wrote:Nah, I don't think they're that talented.
None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.
No biggie, this time.
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
The server backs up the physical MySQL database files daily. I download & copy them to other locations every few days. I have multiple copies of all the other files on different machines. (Whenever I edit a file, I include a time & location comment before uploading. That way I can always tell which is the newer copy, the one on the server or the one on the machine I'm using.) I'm pretty covered. I think. In the event of a major hack & total wipe (knock on wood!), I might be able to have everything back up in a day or two. NOT wanting to put that to the test, of course!Omphalos wrote:How do you back your site up? Im sure I could arrange a nightly backup of structure and db to a remote site if you would like. Actually, Raggy has all our sites backed up on cloud servers. Maybe you could do that?
I haven't looked into the "cloud server" thingy; will do. Cheers!
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Well, the saga of "JUST HOW FUCKED UP IS NETWORK SOLUTIONS' SERVER MANAGEMENT?!" continues:
The site has been infected with some sort of malicious javascript on almost all the main and subdomain index pages (index.html & index.php). I discovered the problem around 3:00 PM and uploaded fresh, clean copies of the files from my computer, but when I checked in again less than an hour later (after firing off a rather heated "GET YOUR FUCKING ACT TOGETHER" email at the provider), I discovered the clean copies had been replaced with infected ones again.
Probably best to stay away until I figure this out.
I'm starting to consider moving to a new provider now.
The site has been infected with some sort of malicious javascript on almost all the main and subdomain index pages (index.html & index.php). I discovered the problem around 3:00 PM and uploaded fresh, clean copies of the files from my computer, but when I checked in again less than an hour later (after firing off a rather heated "GET YOUR FUCKING ACT TOGETHER" email at the provider), I discovered the clean copies had been replaced with infected ones again.
Probably best to stay away until I figure this out.
I'm starting to consider moving to a new provider now.
- Eyes High
- Patience Personified
- Posts: 2322
- Joined: 22 Jul 2008 15:32
- Location: between the worlds of men and make believe
Re: HToD
Hope you get this worked out soon. Sorry that you're having to deal with this juvenile attack.
Looking forward to when HToD is back to its wonderful self.
Looking forward to when HToD is back to its wonderful self.
What fear is there in the night?
Nothing, but that which is in our own imaginations.
Nothing, but that which is in our own imaginations.
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Yeah, just when the Concordance stuff has tentatively gone online and I'm getting ready to publish a Blow-this-Arabic-up-your-bung-Byron! page or two, all hell breaks loose.
Looks like they're on it, but only time will tell....
Looks like they're on it, but only time will tell....
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
I'm still not sure if the site is OK yet. Safari wasn't affected by whatever it was, to begin with. I looked at the front page with Firefox just now and it didn't bark or wet itself, FWIW.
I still can't FTP in, waiting for them to set the password correctly for me. (Or for the changes I've made to percolate through their system.) Once I can get in, I can tell at a glance if a file is infected, because they bloat from 2 or 3 to 10 or 15 KB.
Stay tuned.
I still can't FTP in, waiting for them to set the password correctly for me. (Or for the changes I've made to percolate through their system.) Once I can get in, I can tell at a glance if a file is infected, because they bloat from 2 or 3 to 10 or 15 KB.
Stay tuned.
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
I finally got FTP access to the server back Friday morning and everything looked OK for the bigger part of the day, but sometime between 6:30 and 7:00 PM the hackers started injecting javascript into the webpages again. I spent an hour or so replacing the infected files just to watch them reinfecting them within minutes of me fixing them. Broke for dinner and have been at it for another hour and a half, but I'm tired and stopping for the night. There's not going to be any new pages added or blogs posted until I either get this problem settled or the site moved to a new provider, so no real point in dropping by and risking your computers!
I'll post a notice here when it's safe to come back. Ciao for now!
I'll post a notice here when it's safe to come back. Ciao for now!
- Omphalos
- Inglorious Bastard
- Posts: 6677
- Joined: 05 Feb 2008 11:07
- Location: The Mighty Central Valley of California
- Contact:
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Meh, could always be much worse, I suppose! The hackers aren't particularly malicious—they're not wiping the site or anything like that (yet)—or particularly bright, either, it seems. The code being injected is different from yesterday/day before, and I can actually see lines of it showing through the theme this time if I look at an infected page in Safari. (The javascript is obfuscated/encoded, so you can't really read it, but you can tell it's different just looking at it.) So it seems like a different hacker or group of them ... which means NetSol still hasn't really fixed whatever vulnerability let the first group in. Not as bright as the first group, but still able to get past NetSol security.
(Remember that the first groups of blog hackers were smart enough to hack the databases, but the code the ones who hit HToD were inserting broke the blog layout/theme and made it obvious something was up. Same thing with this current group.)
Ah well.
(Remember that the first groups of blog hackers were smart enough to hack the databases, but the code the ones who hit HToD were inserting broke the blog layout/theme and made it obvious something was up. Same thing with this current group.)
Ah well.
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Yeah. If I was a paranoid can't-be-a-hasbeen-'cause-never-was-in-the-first-place washed-up nutjob sci-fi "writer" (snicker) in BFE Norman, Oklahoma, I might actually accuse someone at Dune Novels or KJASF of using their mad skillz to hack my site. Especially since DuneNovels is also with NetSol and they seem to be unaffected.
But I think we all know that both groups of mouth-breathing droolers are lucky to find their assholes to wipe after shitting (I figure they feel around and determine the sweet spot by tasting their fingertips), so this is a bit beyond them.
"Let the dead give water to the dead. As for me, it's NO MORE FUCKING TEARS!"
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
I'm pretty sure the website is clear again now. No sign of the hackers at all today.
Allez, allez, outs in free!
Allez, allez, outs in free!
- SandRider
- Watermaster
- Posts: 6163
- Joined: 05 Oct 2008 16:14
- Location: In the back of your mind. Always.
- Contact:
Re: HToD
I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?
if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
or are all the accounts from your provider being infected, and you're catching
the general fallout ?
if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
................ I exist only to amuse myself ................
I personally feel that this message board, Jacurutu, is full of hateful folks who don't know
how to fully interact with people. ~ "Spice Grandson" (Bryon Merrit) 08 June 2008
I personally feel that this message board, Jacurutu, is full of hateful folks who don't know
how to fully interact with people. ~ "Spice Grandson" (Bryon Merrit) 08 June 2008
- Freakzilla
- Lead Singer and Driver of the Winnebego
- Posts: 18454
- Joined: 05 Feb 2008 01:27
- Location: Atlanta, Georgia, USA
- Contact:
Re: HToD
Kanly it is then... or are we past that into jihad?
Paul of Dune was so bad it gave me a seizure that dislocated both of my shoulders and prolapsed my anus.
~Pink Snowman
- Nekhrun
- Icelandic Wiener
- Posts: 3298
- Joined: 10 Feb 2008 16:27
Re: HToD
Don't forget Uncie Mike with his high-level webskillz.SandRider wrote:I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?
if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
"If he was here to discuss Dune, he sure as hell picked a dumb way to do it." -Omphalos
Happy Memorial Day everyone! -James C. Harwood
"Three of my videos have over 100 views."
"Over 500 views for my 'Open Question' video." -Nebiros
Happy Memorial Day everyone! -James C. Harwood
"Three of my videos have over 100 views."
"Over 500 views for my 'Open Question' video." -Nebiros
- Freakzilla
- Lead Singer and Driver of the Winnebego
- Posts: 18454
- Joined: 05 Feb 2008 01:27
- Location: Atlanta, Georgia, USA
- Contact:
Re: HToD
(Better than mine )Nekhrun wrote:Don't forget Uncie Mike with his high-level webskillz.SandRider wrote:I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?
if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
Paul of Dune was so bad it gave me a seizure that dislocated both of my shoulders and prolapsed my anus.
~Pink Snowman
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
It's general fallout, not just HToD. I just happened to be unlucky in that my site is hosted on the server being attacked. DuneNovels is with the same provider, but on a different server, so they don't seem to have had any problems.SandRider wrote:I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?
if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
If it was a focused attack on HToD, yeah, then I'd suspect something was up. But most of the mouthbreathers surrounding KJA and DumbNovels these days are nothing to worry about.
(TheKJA does have one follower on Twitter that proclaims himself as an IT wizard, but who knows, you know? TheKJA proclaims himself a writer! )
"Let the dead give water to the dead. As for me, it's NO MORE FUCKING TEARS!"
- SandChigger
- KJASF Ground Zero
- Posts: 14492
- Joined: 08 Feb 2008 22:29
- Location: A continuing state of irritation
- Contact:
Re: HToD
Get ready for a
BLAST from the past!
TheKJA Emails, coming online on HToD!
Relive "Only One Mistake" NOW! Other KJA hits COMING SOON!
http://tiny.cc/53n7l" onclick="window.open(this.href);return false;
BLAST from the past!
TheKJA Emails, coming online on HToD!
Relive "Only One Mistake" NOW! Other KJA hits COMING SOON!
http://tiny.cc/53n7l" onclick="window.open(this.href);return false;