Back online
By Chris on Dec 1, 2006 | In Meta
We're back online after almost 48 hours of downtime. In short, our blog was h4x0red by some effing schwags who exploited a bug in the blog software. I think I was ground zero, or at least I was the first to report the issue in the support forums. The b2evolution developers were great though and had a patched version up within a few hours of my initial report. To be fair, it wasn't the blog software itself that was buggy but rather a combination of a vulnerability in an add-on file and too-loose server PHP settings. Both have been fixed and I think we're safe for the moment. The funny thing is that I saw a bunch of activity in my logs that should have told me something was up - odd search referrals for specific text related to the blog software itself. But I ignored it, so shame on me. (Or as George W. would say, "There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again.") Not that I would have known where they would strike, but perhaps a few preemptive IP bans would have reduced the blow. Anyways, luckily they only affected the blog files themselves and not the actual database, which would have really sucked.
I have a lot more I want to write about, but I wanted to be in bed about 2 hours ago. But just so I don't forget, up next: Why I'll never buy another McAfee product again; our visit to Pine Hills Waldorf school tomorrow; and our best visit to the photographers yet! Maybe a bonus post summarizing the Internet Basics class I've been co-leading at work.
TTFN