Hacked!

Yesterday, while I was out getting some (NomNomNomSoGood) ice cream at Mitchell’s, I took a picture of the Mitchell’s sign, and then posted that picture (via flickr) to this blog. When I checked my blog to see if the post had come through, there was already a new post up – and it wasn’t written by me! That’s not unusual for any of the (many) multi-author blogs out there, but mine is a tiny blog, with (maybe?) four readers and (definitely) just one writer. The inescapable conclusion was that a total stranger (at *least* one – maybe more?) had somehow obtained Administrative rights on my server. Uh-oh.

It turns out that I had done an incredibly boneheaded thing. While the “front door” of the blog (and the web server in general) was pretty well secured, I had essentially left a side door WIDE, WIDE open, giving unrestricted access to the MySQL database which powers this blog (plus my photo gallery, plus other things) to anyone who could be bothered to grab it. I thought I’d locked that door as well, but, well… no. No, I really hadn’t. I’d actually left it off the hinges, with a red carpet rolled out, and a huge neon sign on a post nearby saying “Please Come In and Take Whatever You Like”.

Fortunately, it appears that the first hacker (is that the right term?) to come along and say “What’s with the wide open door? Maybe I should go inside and have a look!” happened to be a really nice guy, with some mad skillz, a sense of humor, and no discernible malice. Instead of deleting my content, or filling the site with spam, or changing the page templates to carry nasty computer virus payloads to all my (four?) readers – all things he could have trivially done – he just left a funny post on the blog, which effectively was a heads-up to me that I had left a door wide open somewhere.

Better yet, when I e-mailed the “intruder” (Is it intrusion if the door is wide open? And yes, he left me his real e-mail address.), he replied to let me know how he got in, which enabled me to quickly find the open door, figure out what had gone wrong, and get it closed up. I’m leaving his post up, though, if for no other reason than as a reminder to myself to always take the extra few minutes to TEST TEST TEST the server security. For the record, your .htaccess and .htpasswd files can be just as perfect as can be, but if you (a) have “AllowOverride None” specified for the virtual host, and (b) forget to TEST the site, so that you never *realize* that you’ve accidentally left AllowOverride set to “None”, then you, too, can end up with one of the world’s most hackable servers. All because of a single word on a single line of a single Apache configuration file – such are the joys of System Administration. Hubris, anyone?
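As an added illustration (not part of the original post, and not the author’s real configuration), here is a small audit script for exactly that failure mode: it parses a constructed vhost fragment, finds each `<Directory>` block’s `AllowOverride` value, and reports any `.htaccess` file that Apache will silently ignore because its innermost matching directory says `AllowOverride None`. The paths, the vhost text and the list of `.htaccess` files are all constructed sample data.

```python
import re
from pathlib import PurePosixPath

# Constructed vhost fragment (not the author's real config). The first
# <Directory> reproduces the post's mistake: AllowOverride None means the
# .htaccess/.htpasswd under it is never read. The second block is the fix.
CONSTRUCTED_VHOST = """
<VirtualHost *:80>
    DocumentRoot /var/www/blog
    <Directory /var/www/blog/admin>
        AllowOverride None
    </Directory>
    <Directory /var/www/blog/gallery/private>
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
"""

# Constructed list of .htaccess files found on disk (what find would report).
CONSTRUCTED_HTACCESS_FILES = [
    "/var/www/blog/admin/.htaccess",
    "/var/www/blog/gallery/private/.htaccess",
]

DIR_BLOCK = re.compile(r'<Directory\s+"?([^\s">]+)"?\s*>(.*?)</Directory>',
                       re.S | re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.M | re.I)

def parse_overrides(conf):
    """Map each <Directory> path to its AllowOverride value (None if unset).
    Note: Apache 2.4 defaults an unset AllowOverride to None, so review those too."""
    result = {}
    for path, body in DIR_BLOCK.findall(conf):
        m = OVERRIDE.search(body)
        result[path.rstrip("/")] = m.group(1).strip() if m else None
    return result

def ignored_htaccess(conf, htaccess_files):
    """Return the .htaccess files Apache will not read because the innermost
    matching <Directory> sets AllowOverride None."""
    overrides = parse_overrides(conf)
    ignored = []
    for f in htaccess_files:
        parent = str(PurePosixPath(f).parent)
        # the longest matching <Directory> prefix wins, as in Apache's merge order
        matches = [d for d in overrides if parent == d or parent.startswith(d + "/")]
        innermost = max(matches, key=len, default=None)
        if innermost and (overrides[innermost] or "").lower() == "none":
            ignored.append(f)
    return ignored
```

Running it on the sample data flags only the admin directory’s `.htaccess`; the real check is still to request the protected URL and confirm you get a 401 rather than the page.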

Props and many thanks go to Tetsu, for being a White Hat Hacker, a jokester, a good netizen, and a good sport. And most of all for being gentle with my server when he could just as easily have trashed it, and by extension saving me from the scumbag who would inevitably have come along and actually trashed it. (Yes, I have backups, but doing an unscheduled wipe-and-restore, not to mention a forensic audit, really isn’t my idea of a good time.) Anyhow, thanks to Tetsu, I learned a valuable lesson in a much easier way than I otherwise would have.

Thanks, Tetsu. If you’re ever in San Francisco, I owe you a drink – your choice. And a round of DDR, if you’re up for that. :D

Comments

  1. Rammy says:

    Hey Dan.
    A cautionary tale for sure.
    Luckily the hacker was a nice guy.
    I am totally terrified of identity theft, remember your experience in Richmond!
    Keep those doors locked, you’re not in Kansas anymore.

    Ram (from my underground bunker)

  2. Anonymous says:

    I’m actually all for a more open society. I think people ought to not be afraid of being unsecured; perfect security is impossible. I only do this stuff to point out that there are insecurities, and for the most part, it’s ok.

  3. Eddy Rochman says:

    Hi Dan, that’s some scary shite.
    Is this guy, larger than 6′ 2″ and a perfect specimen like Tire Anastasie on Andromeda, cause otherwise the netizen reference was lost on me.
    I saw what you did with the kids pictures on the mag covers, brilliant. Man Shane looks blitzed.
    Give Em a big hug and kiss from all of us, and tell her to give you one from us as well.
    Be careful, it’s a scary world out there.
    Love Eddy

  4. Dan Rochman says:

    Eddy, I think you mean Tyr Anasazi, a Nietzschean (as opposed to a Netizen) character on the TV series Andromeda. The term Netizen is a neologism – it’s a portmanteau of “Internet” and “citizen”. I don’t know where Tetsu actually lives (much less whether he’s a “perfect specimen” – you can come out of that closet any time, by the way), but I know he’s a de facto citizen of the internet, and in my opinion he’s a good one. :)

    Glad you guys had a good trip, and made it home safe and sound. Smooches to everybody, and don’t be too scared of that world out there – it’s mostly full of interesting stuff, and some interesting folk.
