Yay! OK… for those who’ve followed my automotive adventures to-date, my car blew a head gasket back in January. Because of finances and stuff I had to hold off on repairing it because I already had three vehicles and didn’t feel fixing my E46 was worthwhile. For those who don’t know, an E46 is the internal BMW code for the model of 3 series I have; See here for more information if you’re interested in learning more about the E46.
Well, I got the money together and in March I put my car in the shop to replace the head gasket, seals and stuff.
Fast forward… four weeks. Ack! Yesterday morning I got the call that my car was finally ready. I’m not happy about the time it’s taken to get it all back, but things are definitely better now that I can go get my car
Well, OK… maybe not. Maybe I was just hacked by someone with a script and a desire to build his bot army. Either way, this site was hacked over the weekend. Yay. I think.
Apparently, there’s a bug in Coppermine (which I happen to use to host the picture gallery) which is currently allowing a scripted hack. This hack inserts an invisible frame into every page that hits some script, the usage of which is not known by me since it was down when I got hacked! I found a lot of good info here about exactly the hack I was hit with, but not much about what it actually does.
So, what did this mean for me? Well, it means those people I promised last week I’d send them email… well, I will this week… promise! I spent a good chunk of yesterday (Sunday) going through my site, securing it and cleaning up hacked pages. It affected every HTML and PHP file that was owned by the user that Apache runs under. Easily fixed; remove write access to the Apache user to all its files… it doesn’t need to write anything anyway!
Unfortunately, at the moment the fixed version of Coppermine (1.4.16) is not yet available through Gentoo’s Portage… so I must either download it myself or wait until it hits Portage. I think I’ll wait; keeps my system nice and clean and easy to work with
So, if you see anything amiss on the site, PLEASE let me know. I didn’t feel like cleaning up WordPress or Coppermine, so I reinstalled them both on the site then secured them. So things may not be exactly as they were last week… but it ought to be close enough.
And if you visited my site after 9:19am on Saturday morning, make sure you scan for viruses and/or trojans! That’s when the hack hit.
That’s all for this update. End of line.
In part, to track my vehicles and the changes they go through, I’ve added a new “Automotive” category. That way, you can also ignore my posts if you don’t really care Read more if you’re interested, otherwise move along… nothing to see here. Continue reading