March 14, 2014

I have now re-re-relaunched this blog (give or take a “re-”).

It occurs to me, in the course of looking at the long and strange well-documented history of this blog, that I’ve had all manner of weird shit happen – I started it out on tripod.com hosting, editing with FrontPage, briefly lost control of the domain name once when the fly-by-night company I registered it from decided to lock me out of it, took it across two different CMS packages, and hosted it at a smattering of different places, including a server farm which literally consisted of faded beige boxes missing drive bay doors sitting on the floor of the house where my friends also ran their small consulting empire.

In any event, I can add one more to the list – I’ve been hacked. Actually, a couple of times. Towards the end of my tenure with my friends’ hosting, the colocation facility they moved to (after the beige-boxes-on-the-floor phase) decided they had to take my blog offline because it was spreading viruses. Had been for years, they said. Longer than they had been hosting it, apparently, which made sense to none of us. Long story short, there was an exploit in the Akismet plugin that WordPress came with by default. Also by default this plugin was disabled, and because of that, WordPress would never prompt me to update it. I never activated it because the service it provides – comment spam protection – is useless to me, because this blog doesn’t have comments. Anyway, someone exploited it and was able to insert all kinds of stuff in the blog pointing to links to websites serving up malware and so forth. I don’t remember exactly how we cleaned up that mess (I think we restored from an old backup because – unsurprisingly – it had been a long time since I posted last and there was nothing to lose) but we got it back online.

I changed over to 1&1 hosting when my friends moved to a different part of the state, both because of the convenience factor and also because I didn’t want my one-off WordPress blog here to cause them any more issues. Besides, I figured, what are the odds I’d be hacked again?

At some point I noticed my site was incredibly slow. Like, took forever to load slow. I got busy with some real life stuff so I ignored it but when a friend a few weeks back asked for a link to the Velveeta post, I decided I needed to get to the bottom of it. I’m running on the cheapest package 1&1 has to offer (literally $1/month) so I figured it had to do with cramming me onto some box hosting a million other $1/month blogs, but the WordPress admin interface, also running PHP, came up fine so I knew it was probably not that.

To be quite honest I’m still not sure what the heck all happened. I saw my template was crammed with tons of shit – lots and lots of seemingly random characters – but nothing obviously malicious. I got rid of it, but I couldn’t edit any posts. They just wouldn’t come up in the editor. I inspected exports and backups and other than one clear spam link for an online drugstore I couldn’t figure it out.

So I backed everything up, deleted everything – database and all – then put on a clean WordPress install and restored the posts from a backup. Worked like a charm. Restored from a WordPress XML backup, not a SQL script backup, which worked much better than I anticipated. So now I’m back. Again.
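As an added example (my own illustration, not the author's code and not something the post says was done), here is a small Python script that audits a WordPress WXR export of the kind restored above before it is imported into a clean install. It flags links pointing at hosts outside an allowlist (the "online drugstore" case), embedded script and iframe tags, and long opaque runs of characters like the ones that were crammed into the template. The sample export, the allowed host, and the 80-character blob threshold are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces used by WordPress WXR exports (RSS 2.0 plus content: and wp:)
NS = {
    "content": "http://purl.org/rss/1.0/modules/content/",
    "wp": "http://wordpress.org/export/1.2/",
}

HREF_RE = re.compile(r'<a\b[^>]*?href\s*=\s*["\']([^"\']+)["\']', re.I)
SCRIPT_IFRAME_RE = re.compile(r"<(script|iframe)\b", re.I)
# Long run of base64-style characters: typical of obfuscated payloads injected into content.
# 80 is an assumed threshold; tune it for your own posts.
BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{80,}")


def host_allowed(host, allowed_hosts):
    """True if host is one of the allowed hosts or a subdomain of one."""
    return host in allowed_hosts or any(host.endswith("." + h) for h in allowed_hosts)


def audit_wxr(xml_text, allowed_hosts):
    """Return a list of (post title, finding kind, detail) tuples for suspicious content."""
    root = ET.fromstring(xml_text)
    findings = []
    for item in root.iter("item"):
        title = item.findtext("title") or ""
        body = item.findtext("content:encoded", default="", namespaces=NS)
        for url in HREF_RE.findall(body):
            host = urlparse(url).hostname or ""
            if host and not host_allowed(host, allowed_hosts):
                findings.append((title, "external-link", url))
        for tag in SCRIPT_IFRAME_RE.findall(body):
            findings.append((title, "embedded-" + tag.lower(), ""))
        for blob in BLOB_RE.findall(body):
            findings.append((title, "opaque-blob", blob[:32] + "..."))
    return findings


# Constructed sample export: one clean post and one carrying injected content.
FAKE_BLOB = "QUJD" * 25  # 100 characters of base64 alphabet, stands in for an obfuscated payload
SAMPLE_WXR = f"""<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
  xmlns:content="http://purl.org/rss/1.0/modules/content/"
  xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
  <title>Constructed sample blog</title>
  <item>
    <title>Velveeta</title>
    <wp:post_type>post</wp:post_type>
    <content:encoded><![CDATA[<p>Recipe notes. See <a href="https://example.com/cheese">my other post</a>.</p>]]></content:encoded>
  </item>
  <item>
    <title>Old post</title>
    <wp:post_type>post</wp:post_type>
    <content:encoded><![CDATA[<p>Hello.</p><div style="display:none"><a href="http://pharmacy.invalid/buy">cheap pills</a></div>
<script>eval(atob("{FAKE_BLOB}"))</script>]]></content:encoded>
  </item>
</channel>
</rss>
"""


if __name__ == "__main__":
    # example.com is the constructed "own site" host; everything else is reported
    for title, kind, detail in audit_wxr(SAMPLE_WXR, {"example.com"}):
        print(f"[{kind}] {title}: {detail}")
```

Running it against the sample reports three findings, all in "Old post": the off-site link, the script tag, and the opaque blob; the clean post is silent. On a real export, point `audit_wxr` at the file contents and put your own domain(s) in the allowlist; a hidden `div` with off-site links is the classic shape of the drugstore spam described above.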

I’m still curious how exactly I got hacked but not enough to pour a lot of time into it. But it does occur to me that this is analogous to a paradox with regards to urban decay.

The paradox is: the way to make sure an old building continues to stay in good shape is to keep using it. I work in Downtown Dallas now, in a skyscraper. A few doors down is another skyscraper called Elm Place, which is currently completely empty. As in, tenancy dwindled to the point where in 2010 they just kicked everyone out and closed it down. I believe someone recently purchased it so at some point it might be open again but we can already see signs of rot. Tiles falling apart. Drooping ceilings. The little businesses on the bottom floor that were restaurants next to the large windows have left behind remnants that are fading from mere sunlight exposure.

By comparison, in Texas near New Braunfels there’s a place called Gruene Hall, which was built in 1878 and still operates to this day – as a dance hall. Elm Place was built in 1965 and is showing signs of wear and tear a mere four years after being vacated; meanwhile, a dance hall built thirteen years after the Civil War ended, and which is made of freaking wood, is still up and kicking.

This blog on WordPress, with no comments, very few plugins, and (previously) a very barebones theme, seemingly doesn’t have anything you’d think would rust, but apparently it did. I tried to stay on top of WordPress updates, but I’m sure I fell down on the job at some point and that was that. WordPress is open source software, which is a double-edged sword with regards to security issues. On the one hand, having tons of people looking at your code has the benefit that you theoretically find out about issues faster. On the other hand, it also allows malicious individuals to find the security holes, potentially not tell you, and then exploit them in everyone’s site, or in the sites of anyone who doesn’t patch (which would be the category I fell into). Closed source software is more security-through-obscurity (i.e., flaws can’t be found by having the source), so it’s debatable which approach is better when it comes to a non-centralized piece of end-user software.

My wife has a laptop that, long story short, came with Windows 7; we upgraded it to Windows 8, and then she switched to a Mac (another long story I’ll need to write up at some point). At some point I had to help her accomplish something that, another long story short, needed Windows 7 and Office 2010. I was running Windows 8 and Office 2013 locally, so I needed another machine. We reformatted her laptop, put Windows 7 and Office 2010 on it, accomplished the task, and then shut the laptop and put it away for almost a year.

Then she needed an “extra” laptop for something, so it made perfect sense to just dig up the Windows 7 laptop we used before, so we did. The first thing we did was start applying Windows and Office updates. Everything went fine: hundreds of patches got applied, Microsoft Security Essentials got updated, the system got rebooted a few times, all was good.

In the morning there was some weird piece of software running on the desktop. I found that odd, and I looked, and whatever it was had been installed the day prior. I searched for the name of the thing on Google and yeah, it’s malware/adware. We had had a ton of updates to apply when we first booted it up, so I thought maybe something had snuck on there while we were updating it. I uninstalled everything (including toolbars on web browsers) and all was good.

Until the next day when some of it came back. I had everything updated, and it still got wormholed or whatever. I ran MalwareBytes on it and cleaned out some stuff and had MSE run a deep scan. I think I got everything (this wound up being a laptop that sees some amount of use in my wife’s office and I haven’t heard anything bad). My guess as to what happened is that a worm put malware on the system while it was updating and then even after all the updates applied, a process left over that MSE didn’t catch was still allowing software to be installed.

I don’t have these problems on my main system and I’m a pretty stringent user (I had set this laptop up using the best practices I knew of) and still it developed issues. The only thing I can think of is that my main system, by virtue of being on all of the time, is constantly updating and on top of the latest software updates and patches. The laptop had been off for a year, so it had catching up to do and a lot of maintenance to get it back in working condition.

So in other words my main machine(s) stay in good shape because I keep using them, and this laptop got slammed with malware because it had been offline for too long. It’s similar to urban decay.

Codebases are the same way – games whose engines go open source or see constant attention (see: Starcraft or Quake 3) find themselves running on modern hardware, while games just a few years old break on new versions of Windows.

So yeah, my blog got hacked because I stopped using it. Or updating it anyway.

Also at one point I had made this new template for the blog which was a variant of the ancient theme I had going on (which was literally designed to look like a Web 0.1 page because I thought that was hi-damn-larious for way too long) but it got lost in the first hacking kerfuffle, so I just searched on WordPress.org and found this one. Works for me – minimalistic without being an eyesore in an era of responsive web design.

I’d say I’ll be updating a lot more often now but that’s like an excuse you give your doctor that he doesn’t want to hear. So I’ll just say that I’ll still be around… for some reason.