About Recent Stormeyes “Attack Site” Messages
Filed under: announcement
While looking forward to some chase potential on my day off Saturday, I need to address some recent non-storm related matters. This is not an April Fools’ joke; indeed, I wish it was!
Some folks may have noticed, over the past several days, that this BLOG, Al Pietrycha’s map service, two boards, and all other pages under the Stormeyes domain were offline, or (at first) had a red-flag “attack site” warning from Google and Mozilla.
Stormeyes is back online and running clean again. Only the top-level index files of the domain got affected. SkyPix; (which is pure HTML), this BLOG, our chase BLOG, and other subdirectories stayed clean but simply had to be taken offline for precautionary reasons. “Simply” only means “could have been far worse.” Stormeyes root content (8 year old photo gallery) itself was getting outdated and will be redone or replaced at some point in the future. In the meantime, the root directory will point to this BLOG.
I owe readers and linkers an explanation, and here it is. Our hosting company (Lunarpages) tacitly permitted a PHP hack to occur on our domain, and others on their servers, by failing to auto-update PHP versions shared by customers. If Lunarpages reps see this post and don’t like what I have to say, they can either fix their problem and start pushing the latest PHP to all customers (instead of not even announcing updates, and quietly requiring site masters to pull into them), or else stuff it where the sun doesn’t shine.
How it was explained to me by Elke, and by a federal techie I know, is that our top domain wasn’t “hacked” in the traditional sense (i.e., username/password breach), but instead, the index files “hijacked” by a bot (authored by Islamic hackers and unleashed via Turkish domain). It trolls that portion of the web occupied by infidels, finds that old-PHP vulnerability, then installs malicious code thru that leaky portal. These hackers actually had the audacity to respond on one webmaster forum, apologizing to a fellow Muslim for damage they did to his site while raping and pillaging others with the PHP vulnerability belonging to various infidels.
Yes, I understand about the “tiny minority” of radical wacko fringe elements, that they don’t represent the vast majority of “peace loving Muslims,” etc., yada yada and so forth. Whatever. This proudly all-American infidel from East Dallas has imagined meeting the a**hole cyber terrorist who wrote that code, and using my Black and Decker power drill to open up a “security hole” right between his eyes. Fortunately for all concerned, such an opportunity won’t arise.
We pulled in the latest PHP feed for that part of this domain that uses PHP, so all is safe and secure. But we’re probably going to move to another service (maybe Host Gator) that defaults to more recent PHP without the vulnerability. If so, let’s hope they stay up-to-date. Elke’s research on various webmaster forums shows that we were far from the only domain under Lunarpages and other old-PHP carriers that has been attacked of late, and in fact, were lucky to have gotten by as long as we did without such a problem.
This has been a big hassle for Elke the past few days, given that she has had better things to do (namely, paid work for paying clients). She doesn’t need this kind of crap heaped on her, but she is so resourceful, focused and mild-mannered that she immediately went about fixing things…no time to be angry. So…I got mad about it on her behalf.
My apologies for any irritation you experienced from Stormeyes’ outages…if you’re still getting a Mozilla or Google “Attack Site” flag under any Stormeyes address, ignore it.
Software Change for the BLOG
We interrupt this BLOG for an important announcement. Had this been an actual emergency, you wouldn’t give a flip. But since you’re reading this, here goes…
After several problems with security, poor SPAM filtering for comments and track-backs, slow performance, and general user unfriendliness on my end, we finally flushed Movable Type and switched the entire BLOG to Word-Press.
This includes all the previous entries and underlying database. Word-Press has a different file naming convention, which rendered all links to previous entries invalid. Elke, bless her heart, had to go through and update the links one-by-one, since that didn’t happen automatically. Still, if you happen across an unresponsive link to another BLOG entry, let us know and we’ll fix that.
As for comments, those had been disabled for a long time in MT due to an avalanche of SPAM that MT seemed utterly powerless to restrict. Somewhat regretfully, the only way to exterminate the infestation of digital vermin was to ban all new comments. I may try to open comments for the 2008 chases for awhile and see what happens; so if there’s a chase day for which you want to compare notes, look it up here and comment if possible.
Check out the cool things that happen when you click on a photo link. The image appears in a window that allows forward/backward sequential viewing of the chase day’s slide show. Just run your cursor over the right or left side of a photo and a forward or backward arrow will appear, on which you can click to go backward or forward in that day’s selection of chase photos.
We’re also considering some relatively unobtrusive web ads (at the bottom of the BLOG page) to offset the costs in overhead, as long as I have power of pre-approval over any advertising content. It’s not a done deal, so we shall see…
May 31 thru Mid June Storms — Soon to Appear!
Filed under: announcement
I’ll probably post a lot of the summaries for the storms of May 31 through mid June in another couple weeks, after returning home, catching up with necessities there, getting numerous large digital images from our cameras backed up on redundant media, selecting some for online use, then processing and uploading them. I’ve already written the bulk of summaries, but we want to have photographic accompaniment to the stories at the same time the stories appear…hence the delay. Suffice to say the storm observing excusrion has been a grand adventure as usual. Thanks for your patience…
===== Roger =====