About Recent Stormeyes “Attack Site” Messages

This is a lightly edited re-posting of a message already uploaded to the Storms Observed BLOG.

——————

Some folks may have noticed, over the past several days, that this BLOG, Al Pietrycha’s map service, two boards, and all other pages under the Stormeyes domain were offline, or (at first) had a red-flag “attack site” warning from Google and Mozilla.

Stormeyes is back online and running clean again. Only the top-level index files of the domain got affected. SkyPix (which is pure HTML), this BLOG, our chase BLOG, and other subdirectories stayed clean but simply had to be taken offline for a short time for precautionary reasons. “Simply” only means “could have been far worse.” Stormeyes root content (8-year-old photo gallery) itself was getting outdated and will be redone or replaced at some point in the future. In the meantime, the root directory will point to our storm observing BLOG.

I owe readers and linkers an explanation, and here it is. Our hosting company (Lunarpages) tacitly permitted a PHP hack to occur on our domain, and others on their servers, by failing to auto-update PHP versions shared by customers. If Lunarpages reps see this post and don’t like what I have to say, they can either fix their problem and start pushing the latest PHP to all customers (instead of not even announcing updates, and quietly requiring site masters to pull into them), or else stuff it where the sun doesn’t shine.

How it was explained to me by Elke, and by a federal techie I know, is that our top domain wasn’t “hacked” in the traditional sense (i.e., username/password breach), but instead, the index files were “hijacked” by a bot (authored by Islamic hackers and unleashed via a Turkish domain). It trolls that portion of the web occupied by infidels, finds that old-PHP vulnerability, then installs malicious code through that leaky portal. These hackers actually had the audacity to respond on one webmaster forum, apologizing to a fellow Muslim for damage they did to his site while raping and pillaging others with the PHP vulnerability belonging to various infidels.

Yes, I understand about the “tiny minority” of radical wacko fringe elements, that they don’t represent the vast majority of “peace loving Muslims,” etc., yada yada and so forth. Whatever. This proudly all-American infidel from East Dallas has imagined meeting the a$$hole cyber terrorist who wrote that code, and using my Black and Decker power drill to open up a “security hole” right between his eyes. Fortunately for all concerned, such an opportunity won’t arise.

We pulled in the latest PHP feed for that part of this domain that uses PHP, so all is safe and secure. But we’re probably going to move to another service (maybe Host Gator) that defaults to more recent PHP without the vulnerability. If so, let’s hope they stay up-to-date. Elke’s research on various webmaster forums shows that we were far from the only domain under Lunarpages and other old-PHP carriers that has been attacked of late, and in fact, were lucky to have gotten by as long as we did without such a problem.

This has been a big hassle for Elke the past few days, given that she has had better things to do (namely, paid work for paying clients). She doesn’t need this kind of crap heaped on her, but she is so resourceful, focused and mild-mannered that she immediately went about fixing things…no time to be angry. So…I got mad about it on her behalf.

My apologies for any irritation you experienced from Stormeyes’ outages…if you’re still getting a Mozilla or Google “Attack Site” flag under any Stormeyes address, clear your cache. We’ve had them re-analyze the domain and all such warnings should be gone by now.


