You've Been Hacked!

I'm still wrapped up with the home automation stuff and, of course, computers. Rachel, my youngest, turned 21. She is in the MIS program at Northeastern University in Boston. What a great school! My oldest, Cathy, moved to Seattle a year ago since she assumed a position at Microsoft (argh!) as a developer for their internal SAP projects. Both of them have blogs at http://rachel.swenton.com and http://cathy.swenton.com respectively.


That leads me to my latest project: migrating all my personal web and email services from my home server on cable modem to a hosted service. I'm cheap so I looked around for a good deal. I did not spend a lot of time reading about other people's experiences with the company I selected because the deal was very good. I selected IX Web Hosting, based in Kentucky. They met my requirements to have a Linux host with PHP and MySQL as well as IMAP mail with a web GUI. I got the intermediate account, which includes 8 domains, 2 free domain name registrations, 300 subdomains, 500 GB of storage, 3,500 GB/month of data transfer, and much more including IMAP, PHP, MySQL, PostgreSQL. All this for $6.95/month with a two-year sign-up. I was hesitant to sign up for two years so I did one year for $8.95.

I moved all my personal web stuff over, including my daughters' blogs. Cathy was running a custom-written PHP application for her blog. Rachel was running WordPress. Both came over just fine. I was running PHP Nuke for my site and PHP Website for a church application. Both of those came over fine too. I shut down my IMAP mail server and copied all my family's saved email messages over to the hosting company's mail server.

So far, so good.

A big advantage of using the hosting company is that my personal domain name swenton.com now resolves to an IP address that is not associated with a cable modem. Much of my mail was flagged as spam because it originated from cable modem IP space. I was also doing a "two-step" with my domain name. I was using no-ip.com (because it is free and I am cheap) to do a dynamic DNS update to give my host on the cable modem a resolvable host name. Then I was using namezero.com (where I registered swenton.com) to redirect to the name registered at no-ip. It worked well but it was confusing. Now swenton.com resolves to a dedicated IP provided by my hosting company. Using IX Web Hosting I can still create redirects to my specialty services like web cameras and music streams.

So then after everything is set up I go and read various discussions about my new hosting company. I found many unfavorable "rants" which were very passionate about poor customer service and poor system availability. Honestly I have been online for around 3 months and I have not had any problems. I received prompt responses from customer support for my few questions. One user was particularly angry about how he signed up and moved his web site over only to discover that it was promptly hacked. I took that one with a grain of salt.

Well, last week I received an email from a friend and an IM from Cathy telling me to go to my web site. When I did I discovered I WAS HACKED! I wished I had saved a screen shot but in my passion to restore the site I overlooked that task. Too bad. As I remember, the "new" page said "This web site has been hacked by (person's name)." It included some text that looked like Russian and had several identical links to his web site. It looked like an inflammatory, anti-American political agenda.

Good for me. I had a backup of my MySQL database. My web site uses PHP Nuke which stores the web pages in MySQL, so restoring the database restored the site. Now on to determining what happened and how he got in.

Bad for me. I was about seven versions behind in updating PHP Nuke. It seems he used a known SQL injection vulnerability to create the new home page.

Good for me. He didn't actually get any information out of the site such as being able to see the plain text database password in some of the files. He was only able to inject the new page.

So, just like the other IX Web Hosting user, I was hacked too. Unlike the other user, I admit I was dumb and am not blaming the hosting service.

My web site is insignificant. It is a hobby and a diversion. It is a drop in the ocean. After the site was recovered and updated I sat back and thought what an honor it was to have been hacked. (Sick, huh?) Here's my logic. When people love you, you feel good. When people hate you, you feel bad. When people don't even know about you or even care about you, that's worse than being hated. Indifference is worse than hatred. So I feel honored that someone, even if it was a sicko, felt that my humble web site was worth his efforts to hack it. The event certainly sharpened my skills and caused me to change my ways.

Hey, I never understood SQL injections until last week.

What a great hobby!