May 5th, 2010

big damn wrench


Business as Usual

The next EMG-Zine theme we're collecting for is 'familiars.' Submit artwork here: or see the guidelines for writing:

I've also posted themes through the end of 2011, if you want to work ahead! Upcoming topics include:


July - Familiars
August - Roses
September - Ravens
October - Bards
November - Storms
December - African mythology


January - Creation
February - Rabbit
March - Gryphons
April - Wind
May - Dryads
June - Jewels
July - Butterflies
August - Owls
September - Mushrooms
October - Scandinavian Mythology
November - Frogs
December - Ships

So, yesterday's Torn World links issue? Was not a livejournal issue, though it was similar in execution to their affiliate link re-writing fiasco. They have completely disabled that. What happened was that Torn World itself got hacked and the .htaccess file was re-written. All incoming links from sites that included the words google, msn, live, altavista, ask, yahoo, aol or bing were being redirected to that search pages crap. Very, VERY sneaky hacking, as I would never have even noticed the problem if I had not checked the link from livejournal. Lesson? Keep an eye on your .htaccess file. Check the status of your links from search engines. And if you spot this behavior with some other site, let the webmaster know so they can fix it and change their passwords.

Livejournal and Dreamhost support were quite swift and accurate in their help in pinpointing the problem.

And naturally I have changed the password, not just here, but at several of my other sites. Of course, I can never do things the EASY way, so I figured 'oh, I'll consolidate my user accounts at the same time and just switch Torn World over to the account I use for project A.' HAH. There were linked included files in the main user root that had updated functions, which promptly broke most of the site... it's all fixed now, but it was a major headache to figure everything out, and I ended up crawling for help to php guru Ron, who managed to track down a problem I never would have spotted. It's a good change, in general - those included functions had been updated for good reason and the whole system is more secure now, but it was not at all on the timeline I was planning to make the upgrade.

And speaking of Torn World, I have a new story up, the sequel to Cure or Cause?, Cause and Defect. If that link doesn't work correctly, I will kick and scream and maybe cry a little.

ETA: OH, beautiful. THAT user got hacked too. I changed the password when I got up this morning, just in case, but didn't actually check to see if it had already been hacked, and why yes, it had. Happened overnight. FRY IN HELL, YOU SPAMMER BASTARDS. Fixed now. Checked all my other sites.

Today, I want to get commission-control to beta testing, and work generally on this massive list of things to do:

Art and Authoring

Go read Cause and Defect! Comment here or there!

I've pulled up Homecoming a few times and squinted at it in disgust. Mostly, I'm in coding mode. If I felt better sitting more upright, I might paint today. I might, anyway.

Home and Health

Still weak, but continuing to improve. I sat too long at the table doing drafting yesterday, which caused soreness, but it's better this morning. I've entered a fabulous new stage of healing with the incisions: INCREDIBLY ITCHY. It even itches inside...

I paid for the nephews' summer camps yesterday, too - it's their combination birthday and Christmas presents, and they should have fun. Ethan picked Tae Kwan Do camp and Isaac is doing Archery camp.

Okay! More code now, and some emails!


You may disregard these, if you like, or click on them, and see if you get sent to spam and report back. I found that they left a crack in the site that allowed them access after I changed the password, and have deleted it, so hopefully this is the end of things, but SWEET JESUS. I hate spamhackers.
ellen with wrench

Hacker update...

Okay! I have leveled up in security, installed some new programs and learned far more about IP tracking, shell access and security cracks than I ever wanted to.

On the up side, my passwords were never compromised. I could verify that no one but myself has logged into this user since May 1. The logins were consistent with the times I was working on the site, and from my verified IP.

The crack came from old wiki software I'd left at Torn World, that moved over when I transferred the site. Logs show clearly that a particular page on the wiki was being accessed at regular intervals that coincided with the timing between hacks, from an IP that visited no real pages at the site. Why the wiki software has a crack that major? I can't say. But let my trials be a lesson to you: Update your software. Or, better yet, don't use out-of-the-box software when you can help it. I am SO SO SO glad I moved the original TW wiki over to the site.

It has been deleted. The folder structure has been majorly purged and all the old versions of the forum have also been scrapped.

Bastard hackers have been thwarted. I am triumphant.

A day behind, now, but triumphant.

Also, it is snowing like crazy.

FYI - hacker not fixed yet...

Deleting the old wiki has not solved the problem. I have done the short-term fix, but suspect the links will be back to spam by morning.

Your reports are helping, at least - I am able to reverse their tampering very quickly once I catch it.

Debating the best cure at this point - this user account has hundreds, maybe thousands of files associated with it, not all of them neatly organized, and I'm not entirely sure how to pinpoint the problem. I am debating a complete purge, replacing sites page-by-page as I verify they are clean. It would certainly clear out some dead weight. It would probably also take several days.

Thinking. Not going to start anything drastic this late at night.

ETA: Mmmm... trying something else that's easy, making the .htaccess file read-only. Maybe they'll be unable to overwrite it.