In some of my talks about the open web I make some claim in front of an image of a ying-yang symbol. I sat that to have all of the positive, exciting things we enjoy from the open web, we need to allow for the possibility/potential slimy underbelly that exploits the same affordances of open. One cannot exist without the other.
That’s all fine and dandy and smarmy, until that underbelly slimes un-invited into your corner of the web, and pees all over the floor.
It’s not just a soiled rug that tied the room together, it is your personal space you’ve crafted in the interest of sharing.
That’s been going on the last few days as the suite of sites Brian Lamb and I developed and opened up to staff and faculty at TRU (TRUbox and SPLOT), plus Brian’s own Abject blog where repeatedly rendered non-functionality by an unknown hacker.
As an understatement, it’s incredibly frustrating. Identifying the source is not in my forte; I could see where and what was happening to many of the files, I could manually cleanse out the junk, but it kept coming back. People were asking why their sites were not working. Have we lost their trust? While they go back to the safe and warm LMS?
Fortunately we were able to call in the expert services of Pat Lockley, and we feel pretty sure we have closed the slime hole.
It’s happened before with my own sites, and its sickening. It cuts away any of the confidence I have in my technical skills, and can make one question why they are even in the field (I told someone I’d rather be a farmer).
Just as a guide, these are the typical stages one goes through in finding their web site has been hacked.
1. Incredulous Denial
cc licensed ( BY-SA ) flickr photo shared by RLHyde
It cannot be something wrong with my site. Maybe it’s your browser, or you typed the URL wrong. I have a plugin to protect me. Did you clear your cache?
Oh, now I see it. Maybe I can just refresh the browser. Nope. It must be my web host’s fault. Maybe my database crashed.
And then, I see my own files. Who put all that garbage in the index file? And in like 5 plugins? Geez, WordPress sucks! How can this be happening to me? No one reads my blog, who would make it a target?
2. Anger
Oh it’s bad. It’s added malicious code to core files, to plugins, to even useless README.html files. The code is gibberish, I cannot even figure out what it does, much less how someone is able to write to files on my server.
And who the *#%#^& would be doing this? What give them a right to come into my server house and pee all over my files? What if I did that to them? What do they tell their kids, their spouse, their moms, about what they do in the internet? Can you imagine a world in which people with these skills put them to use on something like solving energy problems, purifying drinking water, or educating the world? No, these ________s just sit around all day and figure out ways they can go shit all over some innocent person’s web site. For what? For “lolz”? I’d just like to get my hands around their slimy neck and ….
3. False Hope
Public Domain Wikimedia Commons image of Eddie Cantor
It is 1:30am, but you have found and manually cleaned out all of the infectious code from your site. Maybe you tweet or DM someone with a bit of boasting. You might get smart and change some passwords, but its time for some victory rest… except that within an hour, all of the hacks have returned!
How can they even do this? What can you do, but clean it again, because your site is down. Never mind that you are ignoring your work, your family, eating, bathing…
4. Depression and Abandonment
“Migraine” by Sasha Wolff from Grand Rapids – Can’t Concentrate: 14/365. Licensed under CC BY 2.0 via Wikimedia Commons
I cannot figure this out, nor can I stop it. What a lousy technical person I am, what a faker, I cannot even protect my own site. The internet sucks. Maybe I should find more honest work to do.
All of the resources you find online just offer hindsight, RTF, be more secure, harden your site, update the core, change passwords, etc. No forum or blog post offers anything specific enough for you to try. What good is this internet?
What’s the use? Why give of yourself to share things, when the slimeball bottom feeders of the internet can just reach in and inject their venom into the Domain of Your Own.
I am lost.
5. Appeal to a Smarter Power, Restoration
![By Philip Giddings [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY-SA 4.0-3.0-2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/4.0-3.0-2.5-2.0-1.0)], via Wikimedia Commons](http://en.wikipedia.org/wiki/Angkor#/media/File:Faces_bayon.jpg)
By Philip Giddings [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY-SA 4.0-3.0-2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/4.0-3.0-2.5-2.0-1.0)], via Wikimedia Commons
I have to face it, I cannot fix this situation. Find someone with more technical skills and experience. A wizard. A geek. A super guru.
Try and sit back and wait. Be patient. Let them deal with things. Try not to step in and muck about.
If you have the right wizard/geek/super guru, your site is eventually restored (if not, find a new wizard). Accept your lower station on the hierarchy of technical skills. And pay the wizard, Pay them well. They put aside what they were doing to sort out your mess.
6. Acceptance/Resignation
![Thomas Lawrence [Public domain], via Wikimedia Commons](http://commons.wikimedia.org/wiki/File:Portrait_of_Lady_Caroline_Lamb.jpg)
Thomas Lawrence [Public domain], via Wikimedia Commons
You cannot prevent this, but hey, it might not happen again. There are plenty of other targets out there. This is just how things are. There are jerks in the world, and sadly sometimes they cross your path. It’s not personal… Right?
FOL. The way things are. Can’t change the world. Just try to do what you do.
Not server administration.
UPDATE: Apr 10, 2015 I was derelict in also not crediting Tim Owens and Reclaim Hosting for helping us sort out the hack and plug the slime hole. Reclaim Hosting is #4life!
100 cheers for Pat Lockley and Tim Owens (and others at Reclaim Hosting)! Thank goodness there are also super wonderful excellent people out there willing and able to help. 1000 cheers for the ability of the internet to connect us to the great people–like you, them, and many others whom I would never have met had it not been through open, online work and courses.
I feel your pain! It happened to us this week, too. A terrible experience, especially because it all happened while I was on an airplane and then hit me as soon as I turned my phone back on upon landing. I was stressing, hyperventilating, nearly sobbing in O’Hare airport. Not a pretty sight. Finally got it working well enough that I could get on the train and go to my hotel to do the rest of the repairs. I wish bedbugs, lice and ringworm on all malicious hackers, permanently.
I’m glad you were able to clean up the pee in the rug. I have zero illusions this will stop happening. It’s the grungy part of human nature.
Bedbugs and lice are way to mild, ringworm better, I am thinking of severe intestinal parasites or a bed full of angry scorpions. Yeah, scorpions.
It seems odd that someone possessing the talents required to hack would be so intent on ruining someone else’s work rather than building his/her own cool site. I guess the point is to create anxiety described in the last post. Sick (and not in a good way).
Ugh.
But well grieved.
X2 on help from Reclaim Tim & Jim, who got edutalk.cc through a similar problem this week.
Immediate response and continued engagement helped me feel less horrible about being responsible for site with many contributors and content.