Thoughts on economics and liberty

Four of my domains hacked! A steep learning curve.

Some of you might have noticed that my blog and (indeed) a few other websites, including Freedom Team (which I fund and host on behalf of the Team), have been behaving very erratically over the last 4-5 days. That's because four of my domains were hacked.

The first major round of attacks took place in early February this year, disabling my blog and forcing a re-install of most things.

But then recently all kinds of problems started happening. Blog passwords got stolen, "phishing" stuff was planted in various directories on my domains, and thousands of emails went out purporting to be from PayPal or Wells Fargo or some such thing. Over 20,000 emails have flooded my domain's inbox in the past week, which is only a small part of the fake emails sent out from my domains (many of these are emails bouncing back). A total racket these hackers have caused. I've been made into a spammer.

Google itself got involved and sent in many messages about the attacks; even universities sent in messages, and PayPal sent in messages. The support team at my web hosting company did their best, but for a mere $4 per month one can't expect them to solve the entire thing themselves.

Fortunately I had the valiant support of Anubhava Srivastava, an FTI member, who worked doubly hard in his spare time to identify and eliminate problems. As a result of all this the attacks have (I think) finally been conquered. Now comes the task of fully re-establishing these domains once again and ensuring that security is beefed up.

In this process I've learnt FAR more about WordPress than I ever wanted to. A very steep learning curve. I also got my hands dirty by re-entering the UNIX shell – something I had not done for over 7 years (and indeed, not seriously for over 13 years) – hence very rusty!

Vague terms like backup systems, MySQL databases, .htaccess files, security plugins, etc., that I thought I'd not need to know about with WordPress systems, came back to haunt me. WordPress is not foolproof. You need to be very cautious about running these blogs. Security loopholes are far more common and far more dangerous than one imagines. It appears that if I am to operate WordPress blogs I have no choice but to learn about such things. Had this blog continued on Blogspot (where it happily resided till July last year), Google would have managed the security. With my own domains and blog installations, I am directly responsible. A great challenge.

This blog is still limping. I'm unable to recover the 'widgets' I had on the right-hand column. All the "nice" things are gone; I'll have to recreate them over the next few weeks.

Overall I've already spent well over 20 hours in the past 4-5 days fighting these attacks. I wrote some time ago about the massive loss of productive time caused to humanity by hackers and virus generators, estimating that they have eaten up at least 4 years of my life so far. It is unimaginable how much they harm the world's GDP each year. Without such EVIL people we would have needed less security and therefore could have done more productive things.

These leeches/ crooks/ scoundrels/ rascals (I can't find a word strong enough for them) have demonstrated again the essentially VILE nature of man. Hidden from sight, these scoundrels destroy other people's time.

It is for dealing with such EVIL people that we need governments.

I don't have the time to lodge a complaint with the police, but hope that someone somewhere is busy trying to track these crooks down and bring them to book.

Let me now try to get back to work (I'm on leave this week) and retrieve at least some of the MASSIVE amount of time I've lost.

ADDENDUM

30 March 2011. Still struggling. Found this extensive, useful blog post on WP security. Very daunting!

Here's another one.

Here's very useful information.

10 thoughts on “Four of my domains hacked! A steep learning curve.”
  1. Zzleepy

    Criminal hackers must have found it profitable to attack your blogs, especially those carrying unflattering information. It means you have arrived, and the information is valuable, probably even authentic!

     
  2. Sanjeev Sabhlok

    Dear Zzleepy

    I’m not sure about that. These things are pretty random, I suspect. They are looking for some webserver to pretend to be something else and send out lots of emails. All servers can be compromised. Stronger security is called for. I think WordPress has serious gaps in security and they must get their act together, or at least provide clear instructions on how to strengthen security.

    Regards
    Sanjeev

     
  3. Dr Tenzin Gogoi

    Dear Sabhlok
    Maybe our Govt is modelling China, because on Facebook also something very fishy has happened. The organisation "India Against Corruption", a sub mask of Bharat Swabhiman, created an Event for 5th of April, i.e. the day when the Fast Unto Death of Anna Hazare would begin at Jantar Mantar. Within 3 hrs it had around 5000 "Confirmations" as Attending, but soon after the confirmations the event disappeared for a while, and now it shows Event Cancelled?? I asked the IT team but they are totally unaware, though they have filed a problem with Facebook, yet no reply from them. Many a time their official site becomes Access Denied etc.
    Extent to which our Govt is feeling vibes of Bharat Swabhiman:
    On 27th Feb 2011 at Ramlila Maidan, Delhi, around 1.6-2 Lakh people attended.
    1} Around 300 buses were stopped at the Delhi border.
    2} Just a night before the rally the whole area/Maidan was deliberately filled with water like a shallow pond.
    3} Astha Channel was banned on that day and we feel it would again be banned on 5th April 2011.
    4} On 5th April it would be such a massive national event, but till now news channels are interested in showing crap Bollywood stories; actually garbage from all over the world gets culminated in Indian television.

     
  4. Sanjeev Sabhlok

    Dear Dr Gogoi

    The hackers on my blogs were PURE criminals, intent on fraudulently stealing money by sending fake emails. They had no political intent. But I’m concerned to hear about what you are saying. Please send me more information with documentation and I’ll put out some thoughts on that. I believe the government of India can’t control Facebook. There must be some other explanation.

    Regards
    Sanjeev

     
  5. Anand Philip

    Hi sir
    I would be happy to help out if you have any future problems, am pretty good at WordPress and manage my sites myself.
    Do consider moving to a better host if host side troubles are increasing, will be happy to support hosting fees.
     
    regards
    anand
     

     
  6. Sanjeev Sabhlok

    Thanks for that, Anand. The host is actually quite good, and Anubhava, as I mentioned, is absolutely brilliant.

    Having said that, I don’t mind a few tips from you re: key security features I must be on the lookout for. Basically, people have been able to access and plant files onto my web server. How does one stop such things?

    Regards
    Sanjeev

     
  7. Sanjeev Sabhlok

    You are right, Dr. Gogoi. This is an action with political implications. I suggest that in addition to reporting to FB, the people involved start a fresh FB page. In any event this information is widely available on the internet. I wish this event, and indeed Anna Hazare, the very best.

     