MRK’s Site Down
Posted on May 1, 2008 by John Scalzi. 11 Comments
I figure there’s a fair amount of overlap between the people who read Whatever and those who read Mary Robinette Kowal’s blog, so I’m passing along this note from her, regarding her site:
Around noon today, someone decided that it would be fun to hack my website. They’ve installed some code that is taking down all of the other sites on my server so my host, wisely, decided to pull the plug on my site. All my information is preserved, it’s just not live right now.
I have backups, but I’m at the theater until late tonight and will have to rebuild from scratch. Basically, I’m going to have to wipe everything and upload clean installations of the latest versions of the software I use. The tech support says that the most likely culprit is my phpBB forum since I’m not running the latest versions of those. Hopefully, I’ll be back online by tomorrow morning.
If you don’t have anything else to do today, update all the software on your site and do a backup.
Amen to that. Hopefully her site will be back up soon.
Some people need to get lives. Why target HER of all people? Sheesh.
Joining you in hoping it’ll be back up soon.
They most likely did not actually target her, rather her installation of phpBB. Keeping an install of a php-based app takes a lot of tender care, especially for people who don’t spend all their time scouting for the latest php-related security vulnerabilities. The miscreants probably came in via a clever Google search for vulnerable phpBB version header/footer version data.
That sucks. I never understood the reason for ruining stuff like that. Just to show you can? Lame. I hate to think of the work she has to do to get it back up.
Coup counting, I imagine. It happened to a completely inoffensive low-traffic phpbb forum I frequent a while back, too. Took weeks to put it back up due to the people in charge leading busy lives. Keeping the miscreants out can sometimes be a full-time endeavor.
Plugging holes and keeping them plugged is inevitably harder than finding the holes and poking at them. Is why, for example, DRM is pretty much doomed… #(people hacking DRM) >> #(people refining DRM).
Thanks for posting for me, Scalzi.
This is a royal pain in my hiney. I host six other sites on my account and all of them are down. It’ll be a long night of downloading and uploading.
That doesn’t raise my opinion of said hackers any. In fact, it drops it even lower. But good to know the unscrupulous section of hackers isn’t wishing to specifically target and make things harder for a puppeteer. Because that would be quite possibly the stupidest thing to ever hit the Internet.
A mere five hours later, I have my main site up and just six more sites to go.
Random vandals. I hates them.
Glad you got your main site back up so quickly. Having a recovery methodology is hard for a lot of people, because what nice normal person expects this kind of thing to happen? Especially since both the phpBB and php security teams spend a lot of time pointing fingers crying “it’s their responsibility to fix and notify the users, not ours”. And the end users suffer for it, playing whack-a-mole with versioning.
Nah, those toons are mainly just using it as bragging points and/or infrastructure for other attacks/purposes. But don’t underestimate the level of stupid/malice. Most of these things occur and they get used for Viagra spam engine host locations. Lame upon lame.
Quoth Dru @9:
IMNSHO any person, be they nice or normal or otherwise, should follow the Boy Scout motto: Be Prepared. If having your site and its content available matters at all, you need to have a recovery method ready for the day it goes pear-shaped, whether due to malicious scr1pt kidd13s’ actions or Murphian malfunction.
Anecdote re PHP: A friend who hosts and runs his own websites (and takes security quite seriously) recently decided to experiment with PHP. Went to php.net, read and downloaded all the relevant docs, install guides, release notes, etc. before downloading the source tarball. Less than one hour after he had downloaded PHP, his system alerted him to a sudden onslaught of connection attempts from hitherto-unknown parties, all of whom were trying on known PHP exploits. One might be paranoid enough to believe that these agents monitor visits to php.net and follow back anyone who shows signs of deploying the product.
MRK: congratulations on the speedy recovery and welcome back!
 The plural of “anecdote” is not “data.”
 Non-standard OS built ground-up from scratch; runs own nameserver, firewall, IDS; regularly reads CERTs and vulnerability notices and applies the appropriate remedies for same.
 He identified multiple sources originating from diverse locations, with distinctive styles of attack, none of which had previously tried to access his system. (Yes, traceroute(1) is his bitch.)
 None of the attempts succeeded. My friend is very good at what he does.
My site got hacked by that Nobody Reads It virus thingy.