HToD

Posted: 08 Apr 2010 00:16
by Omphalos
Looks like it's been hacked. Why don't you all just stay away until Chig can fix it tomorrow?

Re: HToD

Posted: 08 Apr 2010 03:24
by SandChigger
Chig has fixed it today.

Eat my rabbit nugget poopoos, bastard hackers! :twisted:

It was just the blogs that were hacked, by the way, not the whole site.

Pretty stupid hackwork, too, considering how obvious it was that something was up from the way they did it, which knocked out the CSS layout and everything.

Fortunately it wasn't something really destructive like blanking the database entirely. :dance:

Re: HToD

Posted: 08 Apr 2010 09:59
by Eyes High
meanies :evil:

Re: HToD

Posted: 08 Apr 2010 13:23
by TheDukester
Wow, what a farce.

Any suspects? Any evidence pointing to the Friends of James Harwood Society?

Re: HToD

Posted: 08 Apr 2010 14:16
by SandChigger
Nah, I don't think they're that talented.

None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.

No biggie, this time. :)

Re: HToD

Posted: 08 Apr 2010 15:14
by Omphalos
SandChigger wrote: Nah, I don't think they're that talented.

None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.

No biggie, this time. :)
How do you back your site up? I'm sure I could arrange a nightly backup of structure and db to a remote site if you would like. Actually, Raggy has all our sites backed up on cloud servers. Maybe you could do that?

Re: HToD

Posted: 08 Apr 2010 15:15
by Omphalos
SandChigger wrote: Nah, I don't think they're that talented.
Sounds conclusive then. Harwood must've been involved!

Sue me over that, asshat!

Re: HToD

Posted: 08 Apr 2010 21:33
by SandChigger
Omphalos wrote: How do you back your site up? I'm sure I could arrange a nightly backup of structure and db to a remote site if you would like. Actually, Raggy has all our sites backed up on cloud servers. Maybe you could do that?
The server backs up the physical MySQL database files daily. I download & copy them to other locations every few days. I have multiple copies of all the other files on different machines. (Whenever I edit a file, I include a time & location comment before uploading. That way I can always tell which is the newer copy, the one on the server or the one on the machine I'm using.) I'm pretty covered. I think. ;) In the event of a major hack & total wipe (knock on wood!), I might be able to have everything back up in a day or two. NOT wanting to put that to the test, of course! :D

I haven't looked into the "cloud server" thingy; will do. Cheers! :)

Re: HToD

Posted: 21 Apr 2010 04:37
by SandChigger
Well, the saga of "JUST HOW FUCKED UP IS NETWORK SOLUTIONS' SERVER MANAGEMENT?!" continues:

The site has been infected with some sort of malicious javascript on almost all the main and subdomain index pages (index.html & index.php). I discovered the problem around 3:00 PM and uploaded fresh, clean copies of the files from my computer, but when I checked in again less than an hour later (after firing off a rather heated "GET YOUR FUCKING ACT TOGETHER" email at the provider), I discovered the clean copies had been replaced with infected ones again.

Probably best to stay away until I figure this out.

I'm starting to consider moving to a new provider now. :twisted:

Re: HToD

Posted: 21 Apr 2010 10:02
by Eyes High
Hope you get this worked out soon. Sorry that you're having to deal with this juvenile attack. :evil:

Looking forward to when HToD is back to its wonderful self.

Re: HToD

Posted: 21 Apr 2010 11:36
by SandChigger
Yeah, just when the Concordance stuff has tentatively gone online and I'm getting ready to publish a Blow-this-Arabic-up-your-bung-Byron! page or two, all hell breaks loose. :twisted:

Looks like they're on it, but only time will tell.... :)

Re: HToD

Posted: 22 Apr 2010 00:31
by SandChigger
I'm still not sure if the site is OK yet. Safari wasn't affected by whatever it was, to begin with. I looked at the front page with Firefox just now and it didn't bark or wet itself, FWIW.

I still can't FTP in, waiting for them to set the password correctly for me. (Or for the changes I've made to percolate through their system.) :roll: Once I can get in, I can tell at a glance if a file is infected, because they bloat from 2 or 3 to 10 or 15 KB.

Stay tuned. :)

Re: HToD

Posted: 23 Apr 2010 08:07
by SandChigger
I finally got FTP access to the server back Friday morning and everything looked OK for the bigger part of the day, but sometime between 6:30 and 7:00 PM the hackers started injecting javascript into the webpages again. I spent an hour or so replacing the infected files just to watch them reinfecting them within minutes of me fixing them. Broke for dinner and have been at it for another hour and a half, but I'm tired and stopping for the night. There's not going to be any new pages added or blogs posted until I either get this problem settled or the site moved to a new provider, so no real point in dropping by and risking your computers!

I'll post a notice here when it's safe to come back. Ciao for now! :)

Re: HToD

Posted: 23 Apr 2010 09:44
by inhuien
Thanks for keeping us abreast of this cluster fuck. Where's geocities when you need them >)

Re: HToD

Posted: 23 Apr 2010 13:22
by Omphalos
Sorry, Dude. Sucks.

Re: HToD

Posted: 23 Apr 2010 14:17
by SandChigger
Meh, could always be much worse, I suppose! ;) The hackers aren't particularly malicious—they're not wiping the site or anything like that (yet)—or particularly bright, either, it seems. The code being injected is different from yesterday/day before, and I can actually see lines of it showing through the theme this time if I look at an infected page in Safari. (The javascript is obfuscated/encoded, so you can't really read it, but you can tell it's different just looking at it.) So it seems like a different hacker or group of them ... which means NetSol still hasn't really fixed whatever vulnerability let the first group in. Not as bright as the first group, but still able to get past NetSol security. :roll:

(Remember that the first groups of blog hackers were smart enough to hack the databases, but the code the ones who hit HToD were inserting broke the blog layout/theme and made it obvious something was up. Same thing with this current group.)

Ah well.

Re: HToD

Posted: 23 Apr 2010 19:06
by Tleszer
Must be the work of a KJASF member. :lol:

Re: HToD

Posted: 23 Apr 2010 21:47
by SandChigger
:lol:

Yeah. If I was a paranoid can't-be-a-hasbeen-'cause-never-was-in-the-first-place washed-up nutjob sci-fi "writer" (snicker) in BFE Norman, Oklahoma, I might actually accuse someone at Dune Novels or KJASF of using their mad skillz to hack my site. Especially since DuneNovels is also with NetSol and they seem to be unaffected.

But I think we all know that both groups of mouth-breathing droolers are lucky to find their assholes to wipe after shitting (I figure they feel around and determine the sweet spot by tasting their fingertips), so this is a bit beyond them. :lol:

Re: HToD

Posted: 25 Apr 2010 09:50
by SandChigger
I'm pretty sure the website is clear again now. No sign of the hackers at all today.

Allez, allez, outs in free! :)

Re: HToD

Posted: 25 Apr 2010 11:53
by SandRider
I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...

Re: HToD

Posted: 25 Apr 2010 12:05
by Freakzilla
Kanly it is then... or are we past that into jihad?

Re: HToD

Posted: 25 Apr 2010 12:57
by Nekhrun
SandRider wrote: I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
Don't forget Uncie Mike with his high-level webskillz.

Re: HToD

Posted: 25 Apr 2010 13:09
by Freakzilla
Nekhrun wrote:
SandRider wrote: I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
Don't forget Uncie Mike with his high-level webskillz.
:lol: (Better than mine :cry: )

Re: HToD

Posted: 25 Apr 2010 13:55
by SandChigger
SandRider wrote: I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
It's general fallout, not just HToD. I just happened to be unlucky in that my site is hosted on the server being attacked. DuneNovels is with the same provider, but on a different server, so they don't seem to have had any problems.

If it was a focused attack on HToD, yeah, then I'd suspect something was up. But most of the mouthbreathers surrounding KJA and DumbNovels these days are nothing to worry about.

(TheKJA does have one follower on Twitter that proclaims himself as an IT wizard, but who knows, you know? TheKJA proclaims himself a writer! :lol: )

Re: HToD

Posted: 06 May 2010 03:00
by SandChigger
Get ready for a

BLAST from the past!

TheKJA Emails, coming online on HToD!

Relive "Only One Mistake" NOW! Other KJA hits COMING SOON!

http://tiny.cc/53n7l