pwned

Tonight, this site was hacked by a fellow named c0rpman from Russia. Unclear on the exact mechanics of the hack, but there was a vulnerability in wordpress that I didn’t update to protect against right away, so I suspect that is a big part of what happened. There was a very interesting script left laying around; my passwords were changed. All the posts were deleted, and this message was left on my blog homepage:

D3FAcED!bY

..c0rp|mAn|...

D3fAcED bY hSw team--->#197297672

c0rpmAn

I had an interesting chat with c0rpman as well, as he contacted me via IM to tell me that my site was hacked. We discussed how he did it and why, and possible measures to prevent it from happening again. I suppose I am a target and there are other WordPress vulnerabilities that have yet to be disclosed. Fortunately, my web hoster (pair.com) has a backup of the database from about a week ago, and what you are seeing now is what they could piece together from the backup. I had some problems with very old posts–posts older than about March of 2006–not making it due to some MySQL database error, but I think it is fixed now. The pair.com techs have been very patient, helpful and responsive! I’m definitely not a PHP or MySQL expert, so this has been a learning experience on multiple axes. Comments and posts made within the last week are lost, but I’m willing to live with that.

For the record, I did try using a tool called warwick to recover some of my data from web caches, and many readers have offered their cached feeds and data to me. I really appreciate everyone’s help. It’s very supportive and touching in a time when I’m feeling vulnerable and definitely needing help. However, in the end it is better that my eyes are open, rather than ignorant. It’s not the first time I’ve been hacked, and it won’t be the last, but every time I learn something new and important. It is also comforting to know that there are so many helpful friends and strangers out there. Thanks to everyone for helping me sleep well tonight!

8 Responses to “pwned”

  1. GumbyDamnit says:

    So… what did c0rpman gain from the attack? Probably name recognition. I think that it is unfortunate that you lost data in a malicious attack. I suppose that you can learn more if you need to reconstruct your data, but it still sucks.

    Whatever happened to hacking without destroying data (just because you can does not mean you should)? I had a blast in the early 90’s on UNIX machines using the ypcat – password file “hack” to reverse lookup the passwords of other accounts. I never even looked at the user’s email or data — just how many computer systems I could get into. Doing that helped me to secure our UNIX servers where I worked at the time as an engineer.

    Has anybody read “The Cuckoo’s Egg” by Cliff Stoll? Very outdated now, but a cool read on early Unix hacking.

  2. Anon Cow Herd says:

    Since c0ckman actually went out of his way to destroy your data, I don’t see any upside in giving him the free publicity you’re offering him. If he wanted credit for hax0ring the site of the great bunnie, he could have earned it with a non-destructive defacement.

    Don’t reinforce bad behavior. There is no excuse in the “hacking” world for hosing data belonging to an innocent party. That isn’t hacking, it’s vandalism.

  3. Dan Johnson says:

    Getting your page hacked is an annoyance, I know how that goes…I haven’t had time to repair my personal page from when it was last hacked a couple years ago. It happened not long after I upgraded to another popular content script. Some things are still nice about webpages made in VI (or emacs) ;-)

  4. corpman says:

    huh))… thts interesting…

  5. vutWhilltiz says:

    Love reading your posts, well server!

  6. vutWhilltiz says:

    Great inputs here, love your blog.