ihnatko’s posterous


*@&$, #%@&, &%%, Damn!

My two favorite curses. I like both of these equally and choose one only based on the situation:
 
1) What might be called a "Magic Square" of curse words:
 
SFPD
HUIA
ICSM
TKSN
 
I have cleverly written them vertically, so that my Posterous (and related sites) aren't flagged as Naughty. Movie fans will recognize this (or something extremely close) as what the pitcher mutters when the batter has belted the pitch into deep left and multiple runs are destined to score. It is to be spoken as a single, four-syllable word.
 
I like this one because really, you feel as though you've covered it all. You've definitely, definitely cursed, and now you're free to move on and deal with the situation that you're cursing over.
 
2) "Goddamn it"
 
This is easier to get away with in polite society. But its true selling point is that it's a full phrase, complete with a compound word. You can really put some creativity and juice behind it. Those one-syllable curse words? It's "one and done." But this one can be bent and twisted around to suit the situation and mood. Viz:
 
"God DAMN it!!!!" - The pause between the first and second words (go ahead, take a full second) lets you put full force and conviction behind the verb.
"Gawwwwwwwwwwd dammit!" - Resignation. You're upset, but you're not going to waste a lot of breath over it.
"GADDAMITTT!!!!" - Run. If you can hear me, just...run. Please.
 
And let me tell you why this is on my mind right now:
 
I was on Twitter this afternoon and I read about a distributed attack affecting self-hosted blogs running anything other than the latest edition of Wordpress:
 
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
 
I went with SFPD.
 
(Oh, dear. Bad PR for the San Francisco Police Department.)
 
I'm singly responsible for two different Wordpress blogs: Ihnatko.com, and The Top-Secret New Blog which I'm still building. Top Secret wasn't hit (it was using the latest edition of WordPress, which is holding firm, for now) but yup, when I visited Ihnatko.com (running Wordpress 2.6-something) on my iPhone, it had all the telltale signs. The only visible sign of a problem is that all links to individual posts have had some gnarly-looking stuff added to them, so nothing really works.
 
The good news: whatever-it-is doesn't take down the site. So when I got home a little while ago, I was able to back up the databases. All of the content I've written for Ihnatko.com is intact.
 
The bad news: it hits the site deep, deep down in the database, adding all kinds of nastiness, and it also creates a new admin account. So "nuke the old site and restore it from the backed-up database" won't work. But the "nuke the old site" bit is probably going to have to happen regardless. God only knows what this
 
Unfortunately, this news broke after I'd left the office. I was on my way to a memorial Mass for my Mom. I did some more research in the church parking lot and did some inventory of everything I could possibly do from my iPhone in the ten or fifteen minutes before going inside. I came up blank. I was up the creek without a paddle.
 
(And if I had a paddle, I'd use it to beat the people responsible for this attack to death.)
 
It was truly one of those "Que Será, Será" moments. Also an opportune moment to seek counsel from a clergyman. His sermon was about the silence of God and during a segue about all the noise of modern life, he made a comment about iPods. Though he couldn't come up with the name of the music player that defined and created a whole new market and changed our whole relationship with music.
 
(True.)
 
So I don't know if he'd be the right guy to hit up for spiritual advice in this particular crisis.
 
"Father," I would say. "My CMS software is one iteration behind in its updates, and has been hit by a worm that infiltrates spambot code into the site's permalink structure using a classic JScript overflow exploit. Apparently, in addition to creating a ghost admin, it corrupts the entire MySql wp_ database so that only a nuke-and-rebuild can clean the malware..."
 
I bet he would have tried to help anyway. He would have found something useful in the Book of Job. There usually is.
 
Ultimately, I took an inventory of a different kind. Maybe it was the influence of being in a church but I decided that things would work out ok.
 
1) The only thing I'd get upset about would be if I'd lost all of the hundreds of comments people left in response to my post with Mom's eulogy. Nice little irony, there. But I'd already anticipated this sort of thing: when comments stopped coming in, I printed it into a PDF file.
 
(Aside: Thanks again, everyone. Collectively, that was really very sweet of you.)
 
2) When I visited Ihnatko.com on my iPhone, I found that the site was still all there. So while a simple "cleanup" was probably impossible, I could still probably harvest the text and graphics.
 
3) I think I have a database backup somewhere. It's old, but it's possible that the only stuff I'd "lose" would be things that were crossposted from Posterous anyway.
 
4) Nobody will die because of this.
 
5) I won't lose any money because of this.
 
6) I set up Ihnatko.com as my very first Wordpress installation. Y'know, it'll probably benefit from a nuke-and-rebuild anyway.
 
7) A user only starts seriously backing up his data and keeping his software updated after he suffers a data loss. Okay, kick in the pants has been duly received.
 
Alas, this problem is all my fault. There's nobody to blame but me.
 
(AND the eggsucking weasels who launched this attack, but I'm the only Person Of Interest who came down to the station, so I'm going to have to take the fall.)
 
Why didn't I update Wordpress? Because it was going to be a whole Thing. My version of WP came before the "auto-update" feature was installed. The whole procedure would have been like shampooing a wall-to-wall rug. I want to clean the rug, sure, but do I really want to move out ALL of the furniture? And all of the stuff piled up ON the furniture? Etc.
 
Why didn't I back up the database regularly? Because I couldn't remind myself to do it, and all of the plugins that promise to do it automatically made my head spin. Yet another reminder from Life that "because it seems like a lot of work" really isn't a sufficient reason not to do something that's frightfully important.
 
Onward and outward. We walk from where we stand. Mankind is born to trouble just as surely as the sparks fly upward.
 
(That last one is from Job. I'd have guessed that Job was an admin, but I've read that whole book. At the end, he has faith in the basic goodness of Creation. That really doesn't sound like an admin, does it?)


Comments (15)

Sep 05, 2009
slooker said...
Job was not an admin. Job was an unfortunate user hit by a hacker trying to break his account. In the end, he ended up with his faith in the admin because his account wasn't compromised even though all his data was destroyed and he didn't have a full backup.
Sep 05, 2009
slooker said...
Also note that that hacker was in the wheel group.
Sep 05, 2009
jasonhuck said...
The good news is that if you can get over the hump of upgrading (switch to a subversion checkout -- easiest way IMO), it doesn't seem to be too difficult to cleanse your database of the SQL injection code. Once you've upgraded, go to Settings->Permalinks and re-set your preferred link style. To get rid of the "hidden" admin user(s), I found it easiest to just edit the database directly. A quick scan through your wp_usermeta table will tell you which user ID is the "hidden" admin (look for a "meta_value" containing the word "admin" for the meta_key "wp_capabilities"). Just delete all records associated with that user ID in both wp_usermeta and wp_users. I'm still looking for anything else mischievous, but things look pretty normal so far.

- jason
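The two symptoms Andy describes in the post (a permalink structure with junk appended, plus an admin account nobody created) and the database checks jason outlines in the comment above can be scripted as a verification pass. The following is an added example, not code from the post, from jason, or from WordPress itself: it builds a simplified in-memory SQLite copy of the three tables involved (the real tables are MySQL and carry more columns, but the same queries apply), fills it with constructed sample rows, and then applies jason's heuristic (a wp_capabilities row whose meta_value contains "admin") to list admin accounts that are not on a known-good list. The known_admins set, the user names and the injected permalink value are all assumptions made up for the example.

```python
import re
import sqlite3

# Constructed sample rows for the three WordPress tables the cleanup touches.
# The serialized wp_capabilities format mirrors what WordPress stores; the
# user names and the appended "<garbage-tag>" in the permalink are invented.
SAMPLE_ROWS = {
    "wp_users": [
        (1, "andy"),
        (2, "editor_bob"),
        (9, "wp_sys"),  # constructed: a hidden account the site owner never created
    ],
    "wp_usermeta": [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (9, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ],
    "wp_options": [
        # constructed: a normal structure with something appended to it
        ("permalink_structure", "/%year%/%monthnum%/%postname%/<garbage-tag>"),
    ],
}


def load_sample_db():
    """Create a reduced copy of the WordPress schema in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?)", SAMPLE_ROWS["wp_users"])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", SAMPLE_ROWS["wp_usermeta"])
    conn.executemany("INSERT INTO wp_options VALUES (?, ?)", SAMPLE_ROWS["wp_options"])
    return conn


# jason's heuristic: the capabilities row of an administrator contains "admin".
ADMIN_QUERY = """
SELECT u.ID, u.user_login
FROM wp_usermeta m JOIN wp_users u ON u.ID = m.user_id
WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%admin%'
ORDER BY u.ID
"""


def find_unexpected_admins(conn, known_admins):
    """Return (ID, user_login) for every admin account not in the known-good set."""
    return [(uid, login) for uid, login in conn.execute(ADMIN_QUERY)
            if login not in known_admins]


# A legitimate permalink structure is built only from slashes, letters, digits,
# hyphens, underscores, dots and %tag% placeholders; anything else is suspect.
PERMALINK_OK = re.compile(r"^[A-Za-z0-9/_.%-]*$")


def permalink_is_clean(conn):
    """Return (is_clean, value) for the stored permalink_structure option."""
    row = conn.execute(
        "SELECT option_value FROM wp_options WHERE option_name = 'permalink_structure'"
    ).fetchone()
    value = row[0] if row else ""
    return PERMALINK_OK.fullmatch(value) is not None, value


def remove_user(conn, user_id):
    """jason's cleanup step: delete every record for the rogue ID in both tables."""
    conn.execute("DELETE FROM wp_usermeta WHERE user_id = ?", (user_id,))
    conn.execute("DELETE FROM wp_users WHERE ID = ?", (user_id,))
    conn.commit()


if __name__ == "__main__":
    db = load_sample_db()
    rogue = find_unexpected_admins(db, known_admins={"andy"})
    print("unexpected admin accounts:", rogue)
    ok, value = permalink_is_clean(db)
    print("permalink_structure clean:", ok, repr(value))
```

Run against a copy of the real database rather than the live one, and treat a clean result as necessary but not sufficient: as Lorelle's article and Dave Patty's comment below both note, the files on disk (including wp-config.php, plugins and themes) need replacing too, and the safest path is still the export, wipe, reinstall and import that boredzo describes.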

Sep 05, 2009
Susskins said...
Your warning has been received, and acted upon. I was at 2.8.3, and am now at 2.8.4. No signs of a hack on my blog, thank goodness.

Thank you for the heads-up. Please help yourself to a cookie and a cup of coffee.

Sep 05, 2009
Dave Patty said...
Thanks for the warning! Even though all 4 of my self hosted Wordpress blogs were at 2.8.4, one of them was still hit. Turned out that I had not updated the wp-config.php file on it and it got infected. No database damage that I can find but I had to replace ALL of the files including the plug-ins and themes.

So a bit of an additional warning folks. Make sure to replace (and configure) the wp-config.php with the latest version!

Sep 06, 2009
dimensionmedia said...
Finally a reasonable response to this situation. Admitting you were too lazy to keep backups or updated got a smile from me.

Honestly I don't see how the database backup plugins would be tough to figure out. Granted, I would think that functionality should be included in Wordpress now so that more people could backup their content. Many of the people frustrated are ones that haven't backed up their data, which if you are running a self-hosted blog and you aren't then it's really your own fault.

If you need any assistance with backing up your Wordpress blogs, i'll gladly lend a hand.

Sep 06, 2009
boredzo said...
You might try WordPress's built-in export and import functions. As of 2.8.4, they're under Tools on the left side of the admin interface. According to the “Lorelle on WordPress” article that John Gruber linked (http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/), exporting, deleting the entire WordPress installation, reinstalling it, and importing will do the job.
Sep 06, 2009
Steve Borsch said...
I'm going to heartily recommend Wordpress.com for both you and Robert Scoble. Like the old signature tagline, "Go Greyhound -- and leave the driving to us" you'd no longer have to worry about this stuff AND you could import all your self-hosted Wordpress content in to the .com version.

This happening to high profile people is actually a good thing (thanks Andy!) since too many of us get lazy about backup. It's why Time Machine and Carbon Copy Cloner have been a godsend for me and for our business (especially when I began to hear a suspicious light grinding noise in my MBPro and used CCC to clone it to an external 250GB USB drive *right before* it died).

Sep 06, 2009
jonknee said...
If you need help getting rid of the nasties and back on the latest, let me know. Well, and implementing a backup program. There are plug-ins that can do it, but I prefer to go at a lower level and bundle up everything in a backup (database *and* files) so you can easily do a total site restore in a couple minutes.
Sep 06, 2009
Axian said...
What kind of a ghetto webhosting do you have that doesn't keep bi-monthly snapshots? "Backing up a website" into neat little folders is so 1997.

There are tools to automate the entire thing, usually built into either cpanel/plesk or extensions available for Wordpress to dispatch snapshots to remote locations or to the root of the server.

Sep 06, 2009
Matt Thomas said...
Steve: ironically, Scoble actually was a WordPress.com VIP until he decided to switch to self-hosted WordPress a few months ago. Not sure why.
Andy: Maybe Automattic can be of some help, or know the right people who can? Feel free to email me directly or drop us a line at http://automattic.com/contact.
Sep 06, 2009
Daniel Murphy said...
WP-DB-Backup emails me a database backup every night. I delete it as soon as it comes in, but it's always there in the trash if I need it.

I figure I'm more likely to need that backup because of something I screw up then of hackers and malware.

Sep 06, 2009
yoast said...
Let me know if you still need help, I'm both an enormous fan of your work and what people call a WordPress expert, so the combination might give us both a smile on our faces :)
Sep 06, 2009
 said...
I frequently find long lists of hidden urls on the base of the most recent blog entry. It's a simple login and delete.

I'm just not sure how it is happening. I THOUGHT I was current.

Sep 08, 2009
viritrilbia said...
slooker's comments on this post are the funniest ones I've seen in weeks. Thank you...
