HToD


Moderators: Freakzilla, ᴶᵛᵀᴬ, Omphalos

User avatar
Omphalos
Inglorious Bastard
Posts: 6677
Joined: 05 Feb 2008 11:07
Location: The Mighty Central Valley of California
Contact:

HToD

Post by Omphalos »

Looks like its been hacked. Why dont you all just stay away until Chig can fix it tomorrow?
Image

The New & Improved Book Review Blog

Goodnight Golden Path!
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Chig has fixed it today.

Eat my rabbit nugget poopoos, bastard hackers! :twisted:

It was just the blogs that were hacked, by the way, not the whole site.

Pretty stupid hackwork, too, considering how obvious it was that something was up from the way they did it, which knocked out the CSS layout and everything.

Fortunately it wasn't something really destructive like blanking the database entirely. :dance:
User avatar
Eyes High
Patience Personified
Posts: 2322
Joined: 22 Jul 2008 15:32
Location: between the worlds of men and make believe

Re: HToD

Post by Eyes High »

meanies :evil:
What fear is there in the night?
Nothing, but that which is in our own imaginations.
User avatar
TheDukester
Posts: 3808
Joined: 20 Jun 2008 13:44
Location: Operation Enduring Bacon

Re: HToD

Post by TheDukester »

Wow, what a farce.

Any suspects? Any evidence pointing to the Friends of James Harwood Society?
"Anything I write will be remembered and listed in bibliographies on Dune for several hundred years ..." — some delusional halfwit troll.
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Nah, I don't think they're that talented.

None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.

No biggie, this time. :)
User avatar
Omphalos
Inglorious Bastard
Posts: 6677
Joined: 05 Feb 2008 11:07
Location: The Mighty Central Valley of California
Contact:

Re: HToD

Post by Omphalos »

SandChigger wrote:Nah, I don't think they're that talented.

None of the files on the server had been edited, and there wasn't anything weird in the access logs, but they somehow managed to inject code into the database, so I think they logged in remote and accessed the MySQL via terminal mode. I logged in and contacted my provider and advised them of what had happened and changed my passwords.

No biggie, this time. :)
How do you back your site up? Im sure I could arrange a nightly backup of structure and db to a remote site if you would like. Actually, Raggy has all our sites backed up on cloud servers. Maybe you could do that?
Image

The New & Improved Book Review Blog

Goodnight Golden Path!
User avatar
Omphalos
Inglorious Bastard
Posts: 6677
Joined: 05 Feb 2008 11:07
Location: The Mighty Central Valley of California
Contact:

Re: HToD

Post by Omphalos »

SandChigger wrote:Nah, I don't think they're that talented.
Sounds conclusive then. Harwood must've involved!

Sue me over that, asshat!
Image

The New & Improved Book Review Blog

Goodnight Golden Path!
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Omphalos wrote:How do you back your site up? Im sure I could arrange a nightly backup of structure and db to a remote site if you would like. Actually, Raggy has all our sites backed up on cloud servers. Maybe you could do that?
The server backs up the physical MySQL database files daily. I download & copy them to other locations every few days. I have multiple copies of all the other files on different machines. (Whenever I edit a file, I include a time & location comment before uploading. That way I can always tell which is the newer copy, the one on the server or the one on the machine I'm using.) I'm pretty covered. I think. ;) In the event of a major hack & total wipe (knock on wood!), I might be able to have everything back up in a day or two. NOT wanting to put that to the test, of course! :D

I haven't looked into the "cloud server" thingy; will do. Cheers! :)
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Well, the saga of "JUST HOW FUCKED UP IS NETWORK SOLUTIONS' SERVER MANAGEMENT?!" continues:

The site has been infected with some sort of malicious javascript on almost all the main and subdomain index pages (index.html & index.php). I discovered the problem around 3:00 PM and uploaded fresh, clean copies of the files from my computer, but when I checked in again less than an hour later (after firing off a rather heated "GET YOUR FUCKING ACT TOGETHER" email at the provider), I discovered the clean copies had been replaced with infected ones again.

Probably best to stay away until I figure this out.

I'm starting to consider moving to a new provider now. :twisted:
User avatar
Eyes High
Patience Personified
Posts: 2322
Joined: 22 Jul 2008 15:32
Location: between the worlds of men and make believe

Re: HToD

Post by Eyes High »

Hope you get this worked out soon. Sorry that you're having to deal with this juvenile attack. :evil:

Looking forward to when HToD is back to its wonderful self.
What fear is there in the night?
Nothing, but that which is in our own imaginations.
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Yeah, just when the Concordance stuff has tentatively gone online and I'm getting ready to publish a Blow-this-Arabic-up-your-bung-Byron! page or two, all hell breaks loose. :twisted:

Looks like they're on it, but only time will tell.... :)
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

I'm still not sure if the site is OK yet. Safari wasn't affected by whatever it was, to begin with. I looked at the front page with Firefox just now and it didn't bark or wet itself, FWIW.

I still can't FTP in, waiting for them to set the password correctly for me. (Or for the changes I've made to percolate through their system.) :roll: Once I can get in, I can tell at a glance if a file is infected, because they bloat from 2 or 3 to 10 or 15 KB.

Stay tuned. :)
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

I finally got FTP access to the server back Friday morning and everything looked OK for the bigger part of the day, but sometime between 6:30 and 7:00 PM the hackers started injecting javascript into the webpages again. I spent an hour or so replacing the infected files just to watch them reinfecting them within minutes of me fixing them. Broke for dinner and have been at it for another hour and a half, but I'm tired and stopping for the night. There's not going to be any new pages added or blogs posted until I either get this problem settled or the site moved to a new provider, so no real point in dropping by and risking your computers!

I'll post a notice here when it's safe to come back. Ciao for now! :)
User avatar
inhuien
Posts: 3638
Joined: 09 Feb 2008 05:03

Re: HToD

Post by inhuien »

Thanks for keeping us abreast of this cluster fuck. Where's geocities when you need them >)
User avatar
Omphalos
Inglorious Bastard
Posts: 6677
Joined: 05 Feb 2008 11:07
Location: The Mighty Central Valley of California
Contact:

Re: HToD

Post by Omphalos »

Sorry, Dude. Sucks.
Image

The New & Improved Book Review Blog

Goodnight Golden Path!
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Meh, could always be much worse, I suppose! ;) The hackers aren't particularly malicious—they're not wiping the site or anything like that (yet)—or particularly bright, either, it seems. The code being injected is different from yesterday/day before, and I can actually see lines of it showing through the theme this time if I look at an infected page in Safari. (The javascript is obfuscated/encoded, so you can't really read it, but you can tell it's different just looking at it.) So it seems like a different hacker or group of them ... which means NetSol still hasn't really fixed whatever vulnerability let the first group in. Not as bright as the first group, but still able to get past NetSol security. :roll:

(Remember that the first groups of blog hackers were smart enough to hack the databases, but the code the ones who hit HToD were inserting broke the blog layout/theme and made it obvious something was up. Same thing with this current group.)

Ah well.
User avatar
Tleszer
Posts: 2161
Joined: 17 Feb 2008 18:02

Re: HToD

Post by Tleszer »

Must be the work of a KJASF member. :lol:
DUNE, as interpreted by a blue man with a green tushie
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

:lol:

Yeah. If I was a paranoid can't-be-a-hasbeen-'cause-never-was-in-the-first-place washed-up nutjob sci-fi "writer" (snicker) in BFE Norman, Oklahoma, I might actually accuse someone at Dune Novels or KJASF of using their mad skillz to hack my site. Especially since DuneNovels is also with NetSol and they seem to be unaffected.

But I think we all know that both groups of mouth-breathing droolers are lucky to find their assholes to wipe after shitting (I figure they feel around and determine the sweet spot by tasting their fingertips), so this is a bit beyond them. :lol:
"Let the dead give water to the dead. As for me, it's NO MORE FUCKING TEARS!"
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

I'm pretty sure the website is clear again now. No sign of the hackers at all today.

Allez, allez, outs in free! :)
User avatar
SandRider
Watermaster
Posts: 6163
Joined: 05 Oct 2008 16:14
Location: In the back of your mind. Always.
Contact:

Re: HToD

Post by SandRider »

I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
................ I exist only to amuse myself ................
ImageImage

I personally feel that this message board, Jacurutu, is full of hateful folks who don't know
how to fully interact with people.
~ "Spice Grandson" (Bryon Merrit) 08 June 2008
User avatar
Freakzilla
Lead Singer and Driver of the Winnebego
Posts: 18449
Joined: 05 Feb 2008 01:27
Location: Atlanta, Georgia, USA
Contact:

Re: HToD

Post by Freakzilla »

Kanly it is then... or are we past that into jihad?
Image
Paul of Dune was so bad it gave me a seizure that dislocated both of my shoulders and prolapsed my anus.
~Pink Snowman
User avatar
Nekhrun
Icelandic Wiener
Posts: 3298
Joined: 10 Feb 2008 16:27

Re: HToD

Post by Nekhrun »

SandRider wrote:I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
Don't forget Uncie Mike with his high-level webskillz.
"If he was here to discuss Dune, he sure as hell picked a dumb way to do it." -Omphalos :character-cookiemonster:

Happy Memorial Day everyone! -James C. Harwood

"Three of my videos have over 100 views."
"Over 500 views for my 'Open Question' video." -Nebiros
User avatar
Freakzilla
Lead Singer and Driver of the Winnebego
Posts: 18449
Joined: 05 Feb 2008 01:27
Location: Atlanta, Georgia, USA
Contact:

Re: HToD

Post by Freakzilla »

Nekhrun wrote:
SandRider wrote:I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
Don't forget Uncie Mike with his high-level webskillz.
:lol: (Better than mine :cry: )
Image
Paul of Dune was so bad it gave me a seizure that dislocated both of my shoulders and prolapsed my anus.
~Pink Snowman
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

SandRider wrote:I don't get some of this, are these jscripts aimed at your pages alone,
or are all the accounts from your provider being infected, and you're catching
the general fallout ?

if it's just HairyTicks, I don't see how we can't blame Keith, Merritt, and Corporate Dune ...
It's general fallout, not just HToD. I just happened to be unlucky in that my site is hosted on the server being attacked. DuneNovels is with the same provider, but on a different server, so they don't seem to have had any problems.

If it was a focused attack on HToD, yeah, then I'd suspect something was up. But most of the mouthbreathers surrounding KJA and DumbNovels these days are nothing to worry about.

(TheKJA does have one follower on Twitter that proclaims himself as an IT wizard, but who knows, you know? TheKJA proclaims himself a writer! :lol: )
"Let the dead give water to the dead. As for me, it's NO MORE FUCKING TEARS!"
User avatar
SandChigger
KJASF Ground Zero
Posts: 14492
Joined: 08 Feb 2008 22:29
Location: A continuing state of irritation
Contact:

Re: HToD

Post by SandChigger »

Get ready for a

BLAST from the past!

TheKJA Emails, coming online on HToD!

Relive "Only One Mistake" NOW! Other KJA hits COMING SOON!

http://tiny.cc/53n7l" onclick="window.open(this.href);return false;
Post Reply