On December 28th, 2011, somebody exploited a vulnerability in this site’s forum software (the popular phpBB system) to install a hacker control panel that gave them wide access to this server and its files. Actually, code was injected back in October, but the individual waited until the 28th to do anything with it. On the 28th, he (I’m guessing it was a he) used the code he had installed to do two things: he set up a malware redirect and inserted a front page for some Russian porn site (more likely another vector for malware, I suspect) in an obscure location. I am lucky that his actions were not destructive; he was careful not to make any visible changes to this site or any of the page content. Instead, the malware redirect only affected mobile browsers; if you visited this site on your iPhone or Android device at the end of last year, you might have been surprised to see a fake Opera update page that tried to force some Java code to download. The porn front page was also hidden (albeit poorly) so as not to attract attention by regular visitors.
I noticed the redirect while traveling in Japan. I reached out to my ISP, but like everybody else they were on vacation. Today they wrote back with some suggestions, and I’ve gone through and performed a little bit of investigation and cleanup. The malware is gone, the porn is gone, and the hole is closed. So far, nothing else seems damaged.
It is inaccurate to call the person (or persons; there are actually three separate IPs that accessed the inserted content over the last week) who installed rogue code “hackers.” Hackers are people who have skills, and use those skills to poke around systems, looking for ways in. Hackers may be malicious or benign, but they are defined by curiosity; they are a breed who figures things out on their own in situations where the interface is as obfuscated as possible. The folks who attacked this site are barely script kiddies. They are using software authored by somebody else (complete with Russian comments containing spelling errors), they know little about actual security (the control panel they installed was protected by a password: “root”), and their goals have nothing to do with exploration or curiosity; they are inserting code specifically for monetary gain. Malware runs botnets, botnets make money. These people might feel proud of themselves for exploiting a hole that somebody else found in a popular piece of software and then using it to install code that somebody else wrote, but there’s no glory in their work. They are just following directions written on some forum, without understanding what the steps mean. If real hackers are topographers, mapping territory that has never been mapped before, the guys who broke into this site are little more than assembly line workers, following the same instructions over and over by route. They could be replaced with a machine. In fact, they are quickly being replaced by machines. This is the extent of their skills.
I have removed the forum from this site. Over its 9 year history, this site has been hacked two times, both of which stem from vulnerabilities in the forum software. I’m good about keeping my software up-to-date, but phpBB and its ilk are simply too complicated to reliably secure. Maybe I will come up with a replacement; I have all of the forum posts backed up and might one day restore them. But for now, I’m sad to say that the forum has to come down. If script kiddies from Russia (who, by the way, left their ip addresses all over the place for me to find) can crack it, it’s too vulnerable to allow on the site. Perhaps we can set up a third-party solution, like a Google Group, or maybe a G+ page. If you have suggestions, please let me know.