Tuesday, April 11, 2006

I'm Hatin' It

Yeah, so, goblinbox.com has been down for over three days now. I set up this blogger account as a temporary stopgap.

Here's what happened:

Somehow someone managed to upload PHP files onto the server goblinbox.com lived on. Some if not all of those files were placed in subdirectories of my domain. On April 1st, my hacker friend started running those malicious PHP files. On April 3rd, s/he tested the new Bank of America phishing site that was running in a subdirectory of goblinbox.com.

April 7th, Planet discovered the site and shut my domain down.

April 8th, I discovered I was down and contacted Keef, who told me I'd been hacked. I thought about it, then texted him to tell him that my guess was they'd come through my WordPress installation. (I'd had to reset my WP password twice on Friday.)

Keef told his partners what I'd said. I think they took that as an admission of guilt or something, but the reality is that I have no idea how the hacker got in and I want my site turned back on now.

I hate it when goblinbox.com is down!

Mysteriously my host has decided that the hack came through my domain and they won't turn my site back on until they feel confident that my site is secure. If the hack did come through my apps, I haven't seen any evidence of it.

Right now my site is tighter than a virgin. I've spent hours on it. I've got .htaccess files all over the place. The thing's so snug I'll barely be able to move around in there... if they ever turn it back on.

Turns out that my site was not the only one compromised. My site was not the only one with world-writable directories in it. My site is, however, the only one on the server that is still suspended.

I think I'm gonna move my domain. Again.

2 comments:

justacoolcat said...

That sucks.

Only me said...

This all sounds very odd to me. I've required access to the odd server or two in my time but rarely done so via a subdomain. Hmmmm.