Categories
Weblogging

Kitchen was hacked

Recovered from the Wayback Machine.

The IT Kitchen was badly hacked. I had thought I had set the user permissions up so that this couldn’t occur, but obviously not.

Due to this, the Kitchen is closed, probably permanently.

I found the problem that led to the unusability – the siteurl had been changed in the database. This should not have been editable by any of the accounts on the site but admin, so not sure where the ‘hole’ is. I’ll review the logfile.

WordPress users note–critical bug found

This is a vulnerability in 1.21.2.1 WordPress weblogs in addition to 1.3a, as has been noted here with a possible workaround, fix.

This isn’t a hack, as it is a serious bug in the code impacting on both 1.2.1 and 1.3 users. I’m still reading through the notes on this, but I’ve commented out the offending line in the wp-login.php file and we’ll see if that works for now–at least until the WordPress developers respond with something.

What seems to be happening is if the site request differs from the URL contained in the options table, WordPress attempts to ‘fix’ the problem by modifying the URL. So it would seem that if someone tried to login using http://www.itkitchen.info, rather than http://itkitchen.info, under the right circumstance, this literally broke the site.

There seems to be an .htaccess fix, but I removed the line that ‘attempted to fix’ the value – because that’s a scary damn line to have in an exposed file like this.


Final Update

This was either a deliberate exploitation of a known WordPress vulnerability, or a bizarre case of cookies gone mad.

If you type something like the following at IT Kitchen, before I took out the update, you would break the site:

http://www.itkitchen.info/wp-login.php/wp-content/themes/kubrick/style.css

That’s it; that’s all you need to do. Just that – not a damn thing else. You don’t need an account, a user login, nothing. Just that URL. What triggered this is that http://www.itkitchen.info is not the same URL as http://itkitchen.info. But what made it devastating was the addition of wp-content material. This makes it so that the site breaks completely.

Now, it’s easily fixed. Just do something like the following:

http://itkitchen.info/wp-login.php

This resets it back correctly.

I am pretty sure that no matter how you protect your site with .htaccess rules, I can easily hack your site in this way. Find the following line in wp-login.php and remove it:

// Overwrites the stored siteurl with a value derived from the request's Host header and path.
if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) != get_settings('siteurl') )
    update_option('siteurl', dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) );
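As an added example (not code from this post or from WordPress), the following Python replays the quoted wp-login.php logic against the three requests described above, using posixpath.dirname as a stand-in for PHP's dirname() on these inputs. It shows the stored siteurl being overwritten by the style.css request and restored by the plain wp-login.php request, beside a hardened version that never derives a persisted setting from the request, plus a small detection helper for log review.

```python
import posixpath


def php_dirname(path: str) -> str:
    # Assumed stand-in for PHP's dirname(); posixpath.dirname agrees on these URL strings.
    return posixpath.dirname(path)


def vulnerable_siteurl(siteurl: str, host: str, request_uri: str) -> str:
    """Mirror the wp-login.php lines quoted in the post: if the URL derived from
    the request's Host header and path differs from the stored siteurl, overwrite it."""
    derived = php_dirname("http://" + host + request_uri)
    return derived if derived != siteurl else siteurl


def hardened_siteurl(siteurl: str, host: str, request_uri: str) -> str:
    """Defender's version: HTTP_HOST and REQUEST_URI are client-controlled, so the
    administrator-configured siteurl is never rewritten from them."""
    return siteurl


def replay(update, siteurl, requests):
    """Apply each (host, request_uri) in order and record how siteurl evolves."""
    history = [siteurl]
    for host, uri in requests:
        siteurl = update(siteurl, host, uri)
        history.append(siteurl)
    return history


def mismatch_requests(siteurl, requests):
    """Detection aid: flag requests whose derived URL would have changed siteurl,
    i.e. the ones worth looking for in the raw access log."""
    return [(h, u) for h, u in requests if php_dirname("http://" + h + u) != siteurl]


# Constructed sample requests, in the order the post describes them.
CONFIGURED = "http://itkitchen.info"
REQUESTS = [
    ("itkitchen.info", "/wp-login.php"),
    ("www.itkitchen.info", "/wp-login.php/wp-content/themes/kubrick/style.css"),
    ("itkitchen.info", "/wp-login.php"),
]

if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_siteurl), ("hardened", hardened_siteurl)):
        print(name, replay(fn, CONFIGURED, REQUESTS))
    print("would-change requests:", mismatch_requests(CONFIGURED, REQUESTS))
```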

Categories
outdoors Photography

From the hike

Two photos from the hike today. I have others and a hiking story, but I don’t have the writing itch tonight. Maybe tomorrow.

It was a tough hike, but beautiful. Limestone carvings and cliffs and ferns and lots and lots of boulders to climb over. Supposedly there are orchids around this area in the summer.


Categories
Connecting

Confidences

I’ve just returned from a hike that was harder than anticipated, though incredible for all of that. Unfortunately, when I turned on my computer to upload photos, I received several emails, all related to an email I had sent out earlier to Marc Canter and three other people.

An email where Canter completely discounted what I wrote in favor of someone who was ‘higher profile’ who had responded to it. An email that was forwarded on to several other people, and used to create a ‘backchannel email list’. An email that was ended with:

By the way, this is NOT for publication in your weblog. Or distribution outside of this tiny group.

I guess that within certain weblogging circles, and with certain webloggers, confidences are not respected. It’s my fault, though; I should have known better than to expect courtesy or confidentiality from Marc Canter, because all Marc Canter respects is Marc Canter.

What did surprise me was that no one else on this list took Marc to task, or even felt there was anything wrong with it. What the f**k is wrong with webloggers now?

The word ‘respect’ is being bandied about, primarily because of money and this whole ‘blogging for dollars’ crap. But respect is more than just money — it’s also how you treat people.

(By the way, if someone pays me to write about my hikes, that’s being paid to weblog; anything else is nothing more than product endorsement. We pride ourselves on our honesty, as compared to “Big Media”; yet in this first genuine test of blogging commercialization, we won’t even call an endorsement an endorsement.)

Categories
Books History

One hundred trails

I had a successful venture at the library last week and came home with several very good books. One is Birth of a Chess Queen by Marilyn Yalom, which I found to be a very entertaining book and plan on writing more about later.

I also found a book on the Korean “comfort women”, women held as sex slaves by the Japanese in World War II. It’s titled Comfort Women Speak: Testimony by Sex Slaves of the Japanese Military, and features nothing more than each woman’s account of her experiences. It’s a compelling, though oddly unemotional book — stark, and made more so by the photographs of the women included with each woman’s testimony.

A third book was The Hungry Ocean by Linda Greenlaw, the female swordfish captain featured in the movie The Perfect Storm. This is an interesting story about life on a swordfishing boat, but for some reason her writing just hasn’t grabbed me that much and I’m not sure I’ll finish the book.

The last book was a lucky find, One Hundred Nature Walks in the Missouri Ozarks. This book details several new hiking areas I wasn’t familiar with from my other books. And since today is the first nice day we’ve had in almost a week, I think I’ll take a break from this computer and my work on the commerce site and weblogging, and go for a walk. Maybe I’ll be lucky and find a photo or two.

Categories
Just Shelley

When things work

This weekend I also spent time reformatting and re-installing Windows 2000 on my laptop. As I was digging out the old disks, I realized I had forgotten what I needed; it had been so long since I did a reinstall. And the disk itself was quite old, from the last of my Developer Network subscription in early 2001.

I did remember, though, that I would have to add in several security patches from the Microsoft site after the OS was installed. Unfortunately, though, all I had was a modem connection. I had installed the accelerator software on my Mac, but not the Windows machine, and without it downloads were amazingly slow. Still, it’s just a matter of starting the load, keeping the connection going, and getting the job done.

After the install, I accessed Microsoft and the update page. The update service failed twice, as software to handle the automated update had to be installed; eventually it worked and I got a page of new software I would have to install. Close to 60M of software!

I started with the larger security service pack update, which was 25M. As I was downloading it, I noticed a message pop up. It said something about my system was using unprotected software and recommending that I click a button to update my machine. The first one I got I thought was part of the install process, and clicked okay. My machine started to get funky, and the next ones I got, I examined more closely and could see they weren’t part of the install. I had no idea where these messages were coming from, and couldn’t seem to stop them, so I closed out of each using the window control buttons.

When the machine finished the download and install of the service pack, I re-booted, but when Windows opened, first one of the laptop’s fans started and then the second one. Checking the processes, I could see some strange ones running uncontrollably, and I couldn’t kill or shut them down. It would seem that as I was using a very slow modem to download the software to protect my Windows 2000 installation, something had crawled in.

I was pretty peeved, as you can imagine. After spending all day downloading software, I would now have to start over again using the same slow modem and the same exposed machine. Damn Microsoft and its damn buggy software! Damn the modem, and all software, and hardware for that matter, that doesn’t work.

After fussing and fuming for about an hour, I went to bed with a really good book and just ignored all of the machines. The next morning, the first thing I did was to pull the modem card from the PC and re-install its wireless card. I then switched my Airport back on in my Mac, connected the accelerator-enabled modem in this machine, and turned on internet sharing for the modem connection. I also opened up a secure shell (SSH) to Burningbird, went to my raw logfile directory and did a ‘tail -f logfile’ to keep a running printout of the log file. Doing this would help keep the modem from being disconnected by the ISP.

From there it was a simple matter of re-installing the operating system, accessing the Microsoft site and installing the recommended security updates. It was still slow, but stable, with a connection that would last on the PC, even if I were to lose dial-up on the Mac. And which wouldn’t have to be reinitiated with each update reboot.

More than that, my Mac was keeping the connection protected so my vulnerable little PC would be left alone long enough to get the security updates it needed.

While this was happening, I read my excellent book some more, looking up from time to time at the smooth flow of data to my machine (it took all day to download the software), and thinking wasn’t it great when things worked.

It worked last week when I realized I had accidentally deleted an entire directory of photos and was able to download My File Recovery to help me recover them. However, before I went to download the entire OpenOffice installation for the PC today, at close to 50M, I also re-established my cable modem. Now, things that worked great are working even better.