I have been hacked

Yes, for the second time in my life. First time it was still in my university years. In those times if you had internet access at home, you were privileged. Companies were paying quite a lot of money to get a slow 28K dial-up connection, and internet providers were charging per minute, not by gigabyte. I set up access to the university internet connection via modem in our lab – I was running a FIDO net node on the same machine. One guy (I later on found him) noticed that there’s a PPP connection attempt before the FIDO mail software kicks in and successfully brute-forced the password. I should admit that I didn’t bother that much when I was setting the password – it was not the default one, but pretty close. It was quite easy to spot the attack – the phone line was busy all the time. What the attacker didn’t know is that the modem I used was a sophisticated US Robotics Sportster model with CallerID detection, so it was rather easy to trace the attacker.

But that was more than 10 years ago. Now I noticed that something was wrong when I started receiving a lot of comment spam on this blog. The captcha plugin was doing an excellent job before, so I decided to check what’s going on. Somehow all plugins were disabled. Re-enabling them solved the problem with comment spam, but then Google started generating weird excerpts for ivankuznetsov.com search results. That’s when I started digging deeper and discovered that a hidden div with advertisements was inserted into WordPress PHP scripts.

Dreamhost support was kind enough to point me to the description of the attack that was used to break my blog. This particular problem, as well as some other security issues, have been fixed in the latest WordPress release – 2.5.1. Lesson learned – update software on time and make backups.

If you are using WordPress older than 2.5.1 I would recommend you to upgrade ASAP.
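As an added example (not the blog author’s code), a small defender-side check in Python that matches the two symptoms described above: it flags PHP files containing an inline-hidden div and lists files whose hash differs from a known-good copy such as a backup. The install layout and file contents are constructed inline.

```python
# Added example, not from the original post: scan a WordPress tree for
# injected hidden <div> blocks and for files that differ from a known-good
# baseline (the backup the post recommends keeping).
import hashlib
import os
import re
import tempfile

# Inline-styled hidden div, the shape of the injection described in the post.
HIDDEN_DIV = re.compile(
    r'<div[^>]*style\s*=\s*["\'][^"\']*display\s*:\s*none', re.IGNORECASE)


def php_files(root):
    # Yield every .php path below root, relative to root.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                yield os.path.relpath(os.path.join(dirpath, name), root)


def find_hidden_divs(root):
    """Return [(relative path, line number)] for every hidden-div hit."""
    hits = []
    for rel in php_files(root):
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if HIDDEN_DIV.search(line):
                    hits.append((rel, lineno))
    return hits


def baseline_hashes(root):
    """Map relative path -> sha256 of a known-good install (e.g. a backup)."""
    out = {}
    for rel in php_files(root):
        with open(os.path.join(root, rel), "rb") as fh:
            out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def changed_files(root, baseline):
    """Relative paths whose hash differs from, or is missing in, the baseline."""
    return sorted(rel for rel, h in baseline_hashes(root).items()
                  if baseline.get(rel) != h)


def build_demo():
    """Constructed sample: a clean install, then one theme file gets a hidden div."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-content", "themes", "t"))
    for rel in ("index.php", "wp-content/themes/t/footer.php"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("<?php echo 'ok'; ?>\n<p>footer</p>\n")
    base = baseline_hashes(root)  # snapshot taken while the tree is clean
    with open(os.path.join(root, "wp-content/themes/t/footer.php"), "a") as fh:
        fh.write('<div style="display:none">injected ads</div>\n')
    return root, base
```

Run `find_hidden_divs` and `changed_files` against a real install with the baseline taken from a clean backup or a pristine release of the same version; any hit is a file to inspect, not proof of compromise by itself.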


Radiant CMS

Easter weekend didn’t start well – I decided to upgrade Joomla on one of my sites to version 1.5.1 from 1.0 and the upgrade just totally ruined the entire site – content was lost, the template wasn’t compatible with version 1.5.1. At first I thought that the reason was Dreamhost’s automatic one-click upgrade that I used, but even after a manual reinstall Joomla kept giving a weird “Fatal error: Call to a member function name() on a non-object in helper.php on line 219” error in the Control Panel, and legacy mode for the old template didn’t work.

(To be fair I should say that Dreamhost provides excellent value for money. If you are looking for a good hosting – use the IVANKUZNETSOV promo code and get a $50 discount when setting up an account on Dreamhost)

The thought of reinstalling all modules and reconfiguring Joomla from scratch was simply too depressing, so I decided to try another CMS. As a Ruby on Rails convert and a strong believer in open-source ideology I decided to go for Radiant – an open-source CMS written in RoR. It is still in beta (the latest release is 0.6.4), but it is surprisingly stable and powerful. Take a look at the footer of www.ruby-lang.org – the official Ruby programming language web site – it is powered by Radiant 🙂

Installation of Radiant was rather easy – thanks to this guide and my prior experience with RoR application deployment on Dreamhost. It took me a couple of hours to figure out how to actually create sites with Radiant – there are not that many tutorials available yet, so it is pretty much “learn by example”. The split into pages, snippets and layouts makes a lot of sense once you get your head around it.

From my experience Joomla is overkill for most small sites, and despite being WYSIWYG, it still requires a professional or at least a tech-savvy person to configure it. After Radiant is set up and configured it is no more difficult to add content there than to edit a wiki page, because of its Textile support. But it is so much simpler and easier to use than Joomla.

I managed to restore the ruined site in a day’s time – fetched most of the lost content from the Google cache, converted the Joomla template into Radiant’s layouts and recreated the pages (well, it was a small site after all). The first time I dealt with Joomla I spent several days trying to figure out where the settings that I actually needed were hidden in the endless menus.

Radiant is clearly following the “less is better” principle. If you want to try Radiant – there’s a live demo where you can do whatever you want with the content.


The power of blogs

Well, it all started with this blog post, Installing LifeBlog 2.0 on N90, by Niko Nyman.
He reported that the upgrade of the Lifeblog application didn’t work on his N90.

I really liked this comment:

But what needs to be said is that this proves what blogs can do. I post my problems online, I get an almost instant answer from the relevant product manager of a multinational company. This would have never happened had I gone through the pre-blogging channels of calling the support etc.
