In some of my talks about the open web I make some claim in front of an image of a ying-yang symbol. I sat that to have all of the positive, exciting things we enjoy from the open web, we need to allow for the possibility/potential slimy underbelly that exploits the same affordances of open. One cannot exist without the other.
That’s all fine and dandy and smarmy, until that underbelly slimes un-invited into your corner of the web, and pees all over the floor.
It’s not just a soiled rug that tied the room together, it is your personal space you’ve crafted in the interest of sharing.
That’s been going on the last few days as the suite of sites Brian Lamb and I developed and opened up to staff and faculty at TRU (TRUbox and SPLOT), plus Brian’s own Abject blog where repeatedly rendered non-functionality by an unknown hacker.
As an understatement, it’s incredibly frustrating. Identifying the source is not in my forte; I could see where and what was happening to many of the files, I could manually cleanse out the junk, but it kept coming back. People were asking why their sites were not working. Have we lost their trust? While they go back to the safe and warm LMS?
Fortunately we were able to call in the expert services of Pat Lockley, and we feel pretty sure we have closed the slime hole.
It’s happened before with my own sites, and its sickening. It cuts away any of the confidence I have in my technical skills, and can make one question why they are even in the field (I told someone I’d rather be a farmer).
Just as a guide, these are the typical stages one goes through in finding their web site has been hacked.
1. Incredulous Denial
It cannot be something wrong with my site. Maybe it’s your browser, or you typed the URL wrong. I have a plugin to protect me. Did you clear your cache?
Oh, now I see it. Maybe I can just refresh the browser. Nope. It must be my web host’s fault. Maybe my database crashed.
And then, I see my own files. Who put all that garbage in the index file? And in like 5 plugins? Geez, WordPress sucks! How can this be happening to me? No one reads my blog, who would make it a target?
Oh it’s bad. It’s added malicious code to core files, to plugins, to even useless README.html files. The code is gibberish, I cannot even figure out what it does, much less how someone is able to write to files on my server.
And who the *#%#^& would be doing this? What give them a right to come into my server house and pee all over my files? What if I did that to them? What do they tell their kids, their spouse, their moms, about what they do in the internet? Can you imagine a world in which people with these skills put them to use on something like solving energy problems, purifying drinking water, or educating the world? No, these ________s just sit around all day and figure out ways they can go shit all over some innocent person’s web site. For what? For “lolz”? I’d just like to get my hands around their slimy neck and ….
3. False Hope
It is 1:30am, but you have found and manually cleaned out all of the infectious code from your site. Maybe you tweet or DM someone with a bit of boasting. You might get smart and change some passwords, but its time for some victory rest… except that within an hour, all of the hacks have returned!
How can they even do this? What can you do, but clean it again, because your site is down. Never mind that you are ignoring your work, your family, eating, bathing…
4. Depression and Abandonment
I cannot figure this out, nor can I stop it. What a lousy technical person I am, what a faker, I cannot even protect my own site. The internet sucks. Maybe I should find more honest work to do.
All of the resources you find online just offer hindsight, RTF, be more secure, harden your site, update the core, change passwords, etc. No forum or blog post offers anything specific enough for you to try. What good is this internet?
What’s the use? Why give of yourself to share things, when the slimeball bottom feeders of the internet can just reach in and inject their venom into the Domain of Your Own.
I am lost.
5. Appeal to a Smarter Power, Restoration
I have to face it, I cannot fix this situation. Find someone with more technical skills and experience. A wizard. A geek. A super guru.
Try and sit back and wait. Be patient. Let them deal with things. Try not to step in and muck about.
If you have the right wizard/geek/super guru, your site is eventually restored (if not, find a new wizard). Accept your lower station on the hierarchy of technical skills. And pay the wizard, Pay them well. They put aside what they were doing to sort out your mess.
You cannot prevent this, but hey, it might not happen again. There are plenty of other targets out there. This is just how things are. There are jerks in the world, and sadly sometimes they cross your path. It’s not personal… Right?
FOL. The way things are. Can’t change the world. Just try to do what you do.
Not server administration.
The post "The Six Stages of Web Site Hacked Grief" was originally rescued from the bottom of a stangant pond at CogDogBlog (http://cogdogblog.com/2015/04/six-stages-hacked-grief/) on April 10, 2015.