- Diamond Jim Brady's is a gem unexpectedly in the middle of a bunch of chains including Qdoba and Olive Garden. But well worth the visit in Novi, MI #foodporn Steak Coulotte… Paired with a lovely Cabernet. - October 22, 2022
- Looks like I was spotted on the Tail of the Dragon by @killboy during my recent trip. Such an amazing ride… this picture even nicely caught the dead bug on my fender and how disgusting my windshield was 🙂 #motorrad Shame my boots didn't survive the trip. - October 13, 2022
- #stlnanuq thinks you need a margarita… #siberianhusky #huskiesofinstagram - October 13, 2022
Well, OK… maybe not. Maybe I was just hacked by someone with a script and a desire to build his bot army. Either way, this site was hacked over the weekend. Yay. I think.
Apparently, there’s a bug in Coppermine (which I happen to use to host the picture gallery) which is currently allowing a scripted hack. This hack inserts an invisible frame into every page that hits some script, the usage of which is not known by me since it was down when I got hacked! I found a lot of good info here about exactly the hack I was hit with, but not much about what it actually does.
So, what did this mean for me? Well, it means those people I promised last week I’d send them email… well, I will this week… promise! I spent a good chunk of yesterday (Sunday) going through my site, securing it and cleaning up hacked pages. It affected every HTML and PHP file that was owned by the user that Apache runs under. Easily fixed; remove write access to the Apache user to all its files… it doesn’t need to write anything anyway!
Unfortunately, at the moment the fixed version of Coppermine (1.4.16) is not yet available through Gentoo’s Portage… so I must either download it myself or wait until it hits Portage. I think I’ll wait; keeps my system nice and clean and easy to work with 🙂
So, if you see anything amiss on the site, PLEASE let me know. I didn’t feel like cleaning up WordPress or Coppermine, so I reinstalled them both on the site then secured them. So things may not be exactly as they were last week… but it ought to be close enough.
And if you visited my site after 9:19am on Saturday morning, make sure you scan for viruses and/or trojans! That’s when the hack hit.
That’s all for this update. End of line.