Back Online


If you tried to check the site during the past 24 hours or so, you were greeted with a message that it had been hacked.  Depending on the time of day, the hack was credited to a group in Tunisia, a group in Russia, or a group that included someone named TGirl5000.  The prevailing wisdom on Facebook was that I’d somehow annoyed a vegan transsexual who has hacking skills.

Anyway, this all started when the site became very slow and I called my IP provider to find out the reason.  The support lady told me she would check with the server team.  They ran some tests and replied that the entire server was slow because some blog named fathead-movie.com was getting too much traffic for the number of sites hosted on that server.  Heh-heh-heh …

So they moved the blog to another server, and a few hours later it was hacked.  The tech people had to restore the last saved version from Friday.  That means all the Saturday comments are gone.  Sorry about that, but there’s nothing they can do about it.

We now return to your regularly scheduled blogging …


57 thoughts on “Back Online”

  1. Gilana

    Hmph. Totally spelled me name wrong. It’s TGIL5000. Sheesh. What’s a goil gotta do to get some approval around here?!

    Reply
    1. Tom Naughton

      I did a pretty good job of hacking up some golf courses back in the day, but I don’t know how to hack a computer. I wish I had the hacking skills to track down these hackers and wipe out their hard drives.

        1. Tom Naughton Post author

          Indeed. And if ever throw one hard enough to make a divot in our pastures, nobody will care.

  3. Rudy

    ‘Ya gotta’ love the Eastern Bloc Countries and all they consistently do for the world! Was that a Russian Flag during the hack? I’m not up on my commie insignias.

    1. Tom Naughton

      There were different images at different times of the day. I saw the Turkish flag at one point. My new security plugin also informed me that someone from Turkey tried to log in as me this morning.

      1. Rudy

        Well, at least you’re on alert and can keep your “shields” better deployed! You actually corrected the issue pretty quickly! Good job!

    1. Tom Naughton

      It’s faster at my end too. That was the reason the IP provider suggested moving to another server.

  4. Kathy in Texas

    Silver lining = faster site! Hope it didn’t cost you anything, other than the time and aggravation.

    As popular as your site is with your followers, it really doesn’t seem a likely target for hackers. Or am I just clueless as to how important you are?

    1. Tom Naughton

      I think hackers do what they do for the pure orneriness of it. I doubt I was targeted specifically. My IP provider told me I was one of many targets.

  5. Dave L

    Secret fans of Morgan Spurlock? Or CSPI? lol, well just let them take down YouTube, Netflix, and Hulu (which I assume all still play your documentary for you)!

    Com’on hackers! It’s just a BLOG for cri’sake! Anyway, I missed all the excitement, but it’s good that you’re back.

    1. Tom Naughton

      Heh-heh … I wasn’t viewing it as excitement at the time, but yes, it’s good to be back.

  7. Kristin

    I love that your ISP told you that your own blog was causing the problem due to traffic. Very fun and a nice compliment. I have noticed the slowdown over the last couple of months to the point that when I bring it up I’ll go do something else for a few minutes because I know it will take a while. It was a shock on Saturday to see that you were hacked. And I am on Apple using Safari. Their new tab page has pictures of my commonly used sites with a last pic from cache. So I’ve been looking at that hacked pic for a couple of days. Glad you got it worked out.

    1. Tom Naughton

      Let’s hope you don’t get another opportunity to cache a picture of a “hacked by” message.

  8. Carnivore

    Congratulations!!! Your blog is important enough to be hacked. And with a bonus - it is faster now for sure.

    1. Howard Lee Harkness

      *Any* site is important enough to be hacked. Typically, the hacker wants more zombies to build out a botnet, which then can be used to send spam or host phishing sites. Or even store files that are illegal, like child pornography.

      There are some truly evil people in this world. The Internet badly needs some added built-in security.

  11. Howard Lee Harkness

    If your blog was getting that much traffic, it may have been due to a brute-force login attack, which is getting to be fairly common. I have seen several of these against some of my sites over the last several months. Some of them have been so big that I had to get help from my hosting provider to block the IP in their firewall IPtables because the site was so loaded down I could not get a cPanel login or even an FTP connection.

    If you have a sufficiently secure password (I recommend LastPass), that probably is not the vector used to hack the site, but just a separate nuisance. You may have had an outdated plugin — or if you were on a shared server, some *other* customer may have had a weak password, which is why I now use a “reseller” account, even though I don’t resell. It is inherently harder (but not impossible) to hack.

    I take it that you don’t maintain your own site, which I consider to be a mistake. I recommend learning enough about WP to be able to backup/restore and harden your site. I know for sure that you have the intellectual horsepower needed. I have even had some success in teaching computerphobes in the Lions Club how to be their own webmasters.

    BTW, your site is pretty slow this morning, which leads me to suspect that you are still under attack. A plugin that I use to monitor growing attacks is “StatPress Visitors.” It is useful for detecting the “probe” attacks in the early stages. Another tool is “Limit Login Attempts” which will also alert you to attacks in progress. When I see an alert come in, I can usually stop it before it brings my site down.

    I am considering trying a completely different approach on some of my sites. You can password-protect the wp-admin directory at the cPanel level, which is less resource-intensive than using something like “Limit Login Attempts.” It forces the real admin to log in twice, but that’s a minor nuisance if you use LastPass.

    On another topic, it’s a real shame you won’t be on this year’s LC cruise. I will miss you, although I understand the unfortunate events behind your decision. Tell Chareva that Georgene and I send our best wishes for her father’s health.

    1. Tom Naughton

      I may learn more about WordPress someday, but right now it’s a matter of priorities. I need to delegate or I won’t finish the projects that matter to me.

      Yup, definitely under attack this morning. Some idiot in Turkey was trying over and over to log in, according to a message from my security plugin.

  12. Howard Lee Harkness

    Forgot to mention that a typical hack-job usually uses a time lag of up to seven days before completing the hack. This lets the logfiles roll over (most web hosts don’t keep more than a week’s worth of logs), making it harder to find the culprit.

    The reason that this may be important to you is that the restoration from last Friday may contain the hacker’s back door.

      1. Howard Lee Harkness

        You mentioned delegation. You may want to hire somebody to analyze your site, comparing it to a standard WP installation, and deleting anything that doesn’t belong or is no longer needed. You probably need to check for SQL injection of executable files as well.

        Then you want automatic monitoring of any changes made to any executable files, or added executable files.

        I use a tool that will make and download a complete backup of any of my sites in 2-4 minutes. A restore takes a little longer, maybe 4-8 minutes (after an initial practice run). A site migration to a different host may take up to twice as long because of some extra details you have to track, and must *absolutely* get right. Yours may take longer because your comments database is probably enormous (whereas essentially nobody knows my site even exists). You can also do that with tools provided by WordPress; it just takes some time to study and experiment (took me most of a day the first time I did a migration the hard way), and a few minutes longer to run the many steps of the non-automated backup process. I prefer the automated tool, even though I had to pay for it.

        You know how to contact me in the case that you would like more information.

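Added example, not part of the comment thread and not the tool the commenter uses: one way to compare a deployed site against a clean reference copy and to watch executable files for change is to hash every script file in both trees and report what was added, modified or removed. The file types treated as executable and the two small directory trees built in demo() are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".php", ".phtml", ".js"}  # assumed set of script file types


def is_executable(path):
    # .htaccess is included because it can change how the server runs files
    return path.suffix.lower() in EXEC_SUFFIXES or path.name == ".htaccess"


def manifest(root):
    """Map relative path -> SHA-256 for every script-type file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and is_executable(p)
    }


def compare(reference, deployed):
    """Diff a deployed tree against a known-good reference tree."""
    ref, live = manifest(reference), manifest(deployed)
    return {
        "added": sorted(set(live) - set(ref)),
        "modified": sorted(f for f in ref.keys() & live.keys() if ref[f] != live[f]),
        "missing": sorted(set(ref) - set(live)),
    }


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {"index.php": "<?php // front controller\n",
                 "wp-includes/load.php": "<?php // loader\n",
                 "wp-login.php": "<?php // login form\n"}
        for root in (clean, site):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Constructed drift on the deployed copy only:
        (site / "wp-includes/load.php").write_text("<?php // loader, altered\n")
        (site / "wp-content/uploads").mkdir(parents=True)
        (site / "wp-content/uploads/cache.php").write_text("<?php // unexpected\n")
        (site / "wp-content/uploads/photo.jpg").write_bytes(b"\xff\xd8\xff")
        (site / "wp-login.php").unlink()
        return compare(clean, site)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Build the reference tree from a fresh download of the same WordPress, plugin and theme versions rather than from a backup, since the comment's point is that the restored backup may itself contain the back door; saving manifest() output and re-running it on a schedule gives the change monitoring mentioned in the reply.
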
  17. Boundless

    > The prevailing wisdom on Facebook was that I’d somehow
    > annoyed a vegan transsexual who has hacking skills.

    The vegan part alone may explain it. I’ve seen remarks by other non-vegan bloggers that vegans as a class seem to be much more grumpy than the average human. The implication is that this is not due to the philosophical bias that led them to veganism, but the diet itself (which is deficient in any number of key nutrients unless they are making a heroic effort to compensate).

    Or it could be the philosophy – it can often be very hard to distinguish between an animal lover and a human hater.

    Beyond that musing, I’m dismayed that too much of the internet is still backed up by snapshots that result in the loss of multiple days’ worth of traffic when a recovery is needed.

    Back when I was coding interactive apps, I made it a point to have the user input generate a plaintext transaction journal file. The main app didn’t care if the input was coming from a terminal (then) or the journal. Getting back to current was trivial, once the cause of the crash was fixed (which might mean finding and deleting an errant transaction in the journal). Start from any snapshot. Run against the journals.

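Added example, not part of the comment thread and not the commenter's own code: the snapshot-plus-journal recovery described above, applied to a comment store. The JSON-lines journal format, the field names and the sample transactions are assumptions constructed for illustration; transaction 4 stands in for the errant entry that is left out on replay.

```python
import json

# Constructed data: the snapshot was taken after transaction 2 ("Friday");
# the journal is a plaintext file with one transaction per line.
SNAPSHOT = {"seq": 2, "comments": {"c1": "Friday comment", "c2": "Friday reply"}}
JOURNAL = [
    '{"seq": 1, "op": "add", "id": "c1", "text": "Friday comment"}',
    '{"seq": 2, "op": "add", "id": "c2", "text": "Friday reply"}',
    '{"seq": 3, "op": "add", "id": "c3", "text": "Saturday comment"}',
    '{"seq": 4, "op": "delete", "id": "c1"}',
    '{"seq": 5, "op": "add", "id": "c4", "text": "Saturday reply"}',
]


def apply_txn(comments, txn):
    """Apply one journal transaction to the in-memory comment store."""
    if txn["op"] == "add":
        comments[txn["id"]] = txn["text"]
    elif txn["op"] == "delete":
        comments.pop(txn["id"], None)
    else:
        raise ValueError(f"unknown op in journal: {txn['op']!r}")


def replay(snapshot, journal_lines, skip=frozenset()):
    """Rebuild current state from a snapshot plus the journal.

    Entries already covered by the snapshot are ignored, sequence numbers
    listed in `skip` are passed over, and a gap in the journal is an error
    rather than a silent loss."""
    comments = dict(snapshot["comments"])  # never modify the snapshot itself
    seq = snapshot["seq"]
    for line in journal_lines:
        txn = json.loads(line)
        if txn["seq"] <= seq:
            continue  # already contained in the snapshot
        if txn["seq"] != seq + 1:
            raise ValueError(f"journal gap: expected {seq + 1}, got {txn['seq']}")
        seq = txn["seq"]
        if seq not in skip:
            apply_txn(comments, txn)
    return {"seq": seq, "comments": comments}


if __name__ == "__main__":
    print(replay(SNAPSHOT, JOURNAL, skip={4}))
```

The journal is only useful for recovery if it is stored where a compromise of the site cannot rewrite it.
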
  19. Boundless

    So as not to drift off any thread with a non-bologna topic …

    In case you have heard this from anyone else …

    Your blog reliably locks up my cell phone (an older Motorola Droid 2), by the second page click or so. By locks-up I mean – can’t even shut it off – have to remove the battery. I’m guessing that something in the content is causing a chip to overheat, but that’s pure conjecture. Could be my specific antique. Could be content. No other web site has the same effect.

    Posted from a desktop PC, no surprise.
