Tonight, this site was hacked by a fellow named c0rpman from Russia. Unclear on the exact mechanics of the hack, but there was a vulnerability in WordPress that I didn’t update to protect against right away, so I suspect that is a big part of what happened. There was a very interesting script left lying around; my passwords were changed. All the posts were deleted, and this message was left on my blog homepage:
D3FAcED!bY
D3fAcED bY hSw team--->#197297672
I had an interesting chat with c0rpman as well, as he contacted me via IM to tell me that my site was hacked. We discussed how he did it and why, and possible measures to prevent it from happening again. I suppose I am a target and there are other WordPress vulnerabilities that have yet to be disclosed. Fortunately, my web hoster (pair.com) has a backup of the database from about a week ago, and what you are seeing now is what they could piece together from the backup. I had some problems with very old posts–posts older than about March of 2006–not making it due to some MySQL database error, but I think it is fixed now. The pair.com techs have been very patient, helpful and responsive! I’m definitely not a PHP or MySQL expert, so this has been a learning experience on multiple axes. Comments and posts made within the last week are lost, but I’m willing to live with that.
For the record, I did try using a tool called warwick to recover some of my data from web caches, and many readers have offered their cached feeds and data to me. I really appreciate everyone’s help. It’s very supportive and touching in a time when I’m feeling vulnerable and definitely needing help. However, in the end it is better that my eyes are open, rather than ignorant. It’s not the first time I’ve been hacked, and it won’t be the last, but every time I learn something new and important. It is also comforting to know that there are so many helpful friends and strangers out there. Thanks to everyone for helping me sleep well tonight!