The Jonx: Only band in Houston to make top-ten lists two years running. . .
This post was written by Daniel
This post was written by Shawn
I think I may have had a grown-up level epiphany, although that is probably not the best description. Last weekend, I suddenly made this decision that I want to buy a house and I want to have kids. As bizarre as this might sound, it wasn’t so much a conscious shift, but almost sub-conscious. It’s as if I’ve let myself go, dropped some barriers, and decided to take that big plunge.
This whole week at work, I’ve felt completely unlike I have felt before. I simply wasn’t going to waste my time being nice to negligent-lazy-ignorant people, I wasn’t going to be borderline exploited, and I definitely wasn’t going to stick working in the same job role - because I find it challenging (but not paid well). I’ve spent all week casually looking for new employment (in the same company), I’ve told my managers that I am looking for something different (and why), and I’ve been house shopping.
I’ve been fortunate that I have good managers at work, so I have their full support. Also, I’ve pretty much got my head wrapped around house mortgages. So, between a little help (thanks Dad) and some savings, I think I might be sorted.
This post was written by Shawn
Michel Gondry makes me feel young forever.
Be Kind Rewind
Be Kind Rewind (Sweded)
This post was written by Shawn
Well, I don’t know what to say. This website has finally been exploited and breached. After several years of keeping this site going, I finally managed to get sloppy and overlook something. I am sort of unsure how much I want to reveal, as I would prefer not to be targeted again.
What the hell, maybe this will help someone else.
I have been keen on posting again since fully updating my Wordpress version and playing around with all the various plugins and widgets. However, I haven’t done much over the past couple of weeks, due to my hectic work schedule.
Unfortunately, when I woke up this morning, I found the following:
At first, I was more alarmed that someone (or something, as these are usually automated bot attacks) had changed the title of my website. Yes, I was freaked out. Lots of questions started running through my head:
- How did they manage to do that?
- Has my password been breached?
- Why does it appear only limited to the title?
- Okay, if only the title, have they only exploited one function?
Yes, I was shooting in the dark. I am no security expert, but I could tell this could be MUCH worse than I imagined. Immediately I logged in and tried to see if anything else had changed. On the surface, I could see nothing obvious. Then I took a closer look at the errors at the top of the screen. I have had some previous errors with my theme (which is just a standard WP theme designed by: Andreas Viklund), but this looked a bit different. Upon closer inspection, I noticed that something was trying to call a file located on another website.
Have a closer look:
Okay, why was my website now trying to reference a text file somewhere else?
This is where I got a little reckless. I went to the domain of that website and found it to be a Mac 3d application forum. Okay, nothing threatening there, just a bunch of Mac drafting nerds.
Then I made the mistake of going straight to that file.

Well, as you can imagine, that was probably the dumbest thing possible. As soon as that file was opened in my browser, Symantec Anti-virus kicked in to try and contain the threat. For all intents and purposes, it looks like nothing happened locally on my PC. Note, I am saying that with a knock on wood and ‘please please PLEASE don’t be infected!’ chants.
Okay, so there is another website out there that is serving a virus. My only guess is that my host (or perhaps my dumb luck) disallowed snogfever from linking or displaying the virus hosted on that Mac forum. Perhaps I have been lucky to even get a clue like this. I imagine that in lots of cases, there are no messages left behind to indicate something has happened. Therefore some people don’t even know they have been infected.
I tried to do the right thing and register on those forums, so I could put up a post. Unfortunately, all registrations are disabled, so I emailed the parent website’s email address to advise them of the virus. I really doubt that they will reply, but we will see.
Okay, back to that file. Thanks to Symantec, I was able to dig a little bit more information up about that file. In short, the file being executed is a backdoor for PHP enabled web servers. What it’s a backdoor to, I am not sure. Just keep in mind the things that are related to backdoors… like that hole you crap from, escape routes for that guy banging your wife, etc are all really bad things.
Based on the fact that Symantec recognized that file and I am not serving anything from my local PC, I *think* we are good here at home. Now, back to my website. In my previous exposure to security events, I have seen some pretty radical actions by security experts. This has ranged from bag and tagging equipment to essentially nuking everything on a PC. I decided the best place to start would be to wipe everything on my web server that wasn’t just a .jpg file.
This is where I had my second total freak out.
I was going through the standard Wordpress image upload directory, when I found a PHP file that had been newly created in the past couple of days. Funnily, despite this morning’s events, all my collective neurons could only come up with: ‘that’s odd…’.
At this point, I thought it may be related to some silly plugin I have, like Geo Mashup or just a standard part of Wordpress. Well, it didn’t exist anywhere else in my installation, so I had a look at the file contents (again, probably reckless, considering what happened the last time I did this).
As you can see, that doesn’t look like your normal happy-go-lucky Wordpress PHP file. Not only does it have some non-English characters, but it looks suspiciously like someone wanting to advertise their skills. After a little bit more reckless exploring, I had a look at their website, courtesy of Google translations.
Third freak out.
Now this is when I started to get really nervous, despite everything that has happened so far. Why? Well, I am going under the assumption that if my website got compromised because of Wordpress, I simply have to nuke everything related to Wordpress and we are back in business. However, after doing a fair bit of reading on their website, you can easily tell these guys really know what they are doing. In short, these guys are talented.
Bloody hell.
If my database, which contains all the content for this website, is compromised… I might as well give up. I simply don’t have the MySQL sophistication and understanding of Wordpress table structure to weed out any malicious changes to the database. If the database has been tampered with… well, this website is now disposable.
Where do I stand now?
Well, I’ve got a fresh install of Wordpress and I have installed the handful of plugins I use. I have removed everything in my database that is not a default Wordpress table. There were quite a few, as I’ve been running this site from the b2 days (but not using the old content in the database). My guess is that I still have a vulnerability somewhere, but I simply do not know where. Perhaps in my haste to recreate snogfever, I have left something open in terms of file permissions, or have some old plugin which had a security flaw. I may never know, but I’ll have to wait and see what happens.
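The manual check described in the post above (a PHP file sitting in the WordPress image upload directory, plus the worry about file permissions) can be run as a routine audit. This is an added example, not part of the original post: the function names, the extension list and the sample directory tree are assumptions made here.

```python
import os
import stat
import tempfile
import time

# Extensions a PHP-enabled server may execute; none belong in an image upload directory.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}

def audit_uploads(root, recent_days=7, now=None):
    """Return {relative_path: [reasons]}; "recent" uses mtime and is only reported for scripts."""
    now = time.time() if now is None else now
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and other non-regular entries
            reasons = []
            # Check every dotted component so "photo.php.jpg" is caught too.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if parts & SCRIPT_EXTS:
                reasons.append("script")
                if now - st.st_mtime <= recent_days * 86400:
                    reasons.append("recent")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample data: a small uploads tree with one planted script."""
    month = os.path.join(root, "2008", "03")
    os.makedirs(month)
    # (name, mode, age in days): old image, over-permissive image, new script
    for name, mode, age in [("holiday.jpg", 0o644, 90), ("banner.jpg", 0o666, 90),
                            ("thumbs.php", 0o644, 0)]:
        path = os.path.join(month, name)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")
        os.chmod(path, mode)
        os.utime(path, (time.time() - age * 86400,) * 2)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, why in sorted(audit_uploads(build_sample_tree(tmp)).items()):
            print(rel, ", ".join(why))
```

On a real site, point `audit_uploads` at the uploads directory and treat any "script" hit as something to inspect offline rather than open through the web server.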
This post was written by Shawn
I am just damn angry. Battles in Australia, sold out all over the joint.
I have to admit that I listened to Battles a long time ago, wasn’t that impressed and had put off listening to Mirrored. I missed out, and now I have missed out.
Should I bother seeing Caribou?
Reminder to myself: Caribou on the 19th @ the East Brunswick Club
This post was written by Shawn
Can anyone who is bored and perusing music stores back home try and check this bass amp out?
Mark Bass Little Man II - 500 Watts and weighs 6.39 pounds (2.9 kgs).
If it sounds good, I would be happy to send some cash for a shipment over. Unfortunately the same amp costs 40% MORE here in Australia (ie - I can’t afford it).