Patrick Ruffini

April 07, 2003

WEEKEND FROM HELL: In case you've tried to access my site any time since Friday night and are wondering what's going on, here's your answer: yes, it's that bad. Well, not bad in the sense of my 840 or so entries getting zapped, but my web site has been inaccessible for almost 72 hours now, and out of desperation (and in anticipation of Iraq Liberation Day), I'm setting up shop here at Blogspot temporarily.

At around 2:48 a.m. on Saturday, someone with the IP address 202.156.2.130 accessed my site and attempted to run all sorts of weird PHP commands off a query string in the URL, apparently attempting to upload (or wget, in the vernacular) a hacker application hosted at egold-asian.com, a "legitimate business" in Hong Kong. If I were Chemical Ali nasty, I'd hope they got SARS.

Apparently, this triggered some alarm bells over at my ISP (although nothing bad happened), and I've been locked out of my site since 4:46 a.m. on Saturday. I am aware of a reported vulnerability in my antediluvian Greymatter setup wherein someone can post PHP code to the comments, and someone has in fact tried to do this without success. (Examples here, and it's explained further here.) But this is not what happened this time, and I've never heard of a hole in Greymatter that could allow someone to actually upload stuff by manipulating a URL — at least that's what my server logs say happened. Anyway, it's not clear that my server was ever actually in any danger, and I'm working to get the real thing back up as soon as possible. And yes, I'm getting Movable Type. Soon.

In the meantime, you can still e-mail me your comments at me {at} patrick ruffini {dot} com. I have to hack in to read my mail, but I'm not totally cut off.
