Conversation with a hacker – in the WordPress .htaccess file

Every once in a while Wordpress sites get hacked.

It can happen for a number of reasons but it’s usually due to either insecure themes or plugins which use code that was poorly written and/or code that has not been maintained or updated.  The key point to this is to make sure that the themes and plugins you use are actually supported.  I actually prefer plugins that are “for pay” and maintained.

I also make sure to maintain incremental backups every 6 hours, daily, weekly and monthly for up to 6 months.

Anyhow for the last several months we’ve been dealing on and off with a link hacker. At times he’s taken down a site and we’ve restored a backup. None of the scans showed the exploits he was using and the logs didn’t provide the information that we needed to identify him or the exploit. (This one was actually built into the theme a hosting client was using.)

Anyhow, yesterday during a routine check I noticed that some link pages were up on this site again. So I made some changes to the files and killed them. A few minutes later they were back and this continued for about 30-45 minutes where to my surprise the hacker started to engage me in conversation in the .htaccess file.

Curious and not sure if this was part of a more elaborate script I decided to respond back. And then the fun began.

I did this to bait him for two reasons: 1) I was trying to get him to open up and identify himself which I knew wasn’t likely, and 2) I was trying to get him to communicate enough so that we could monitor the log files and figure out which IP(s) were him. We were actually able to find 5 different IPs that he was cycling through trying to be stealth – of course, all using proxy’s.

#do not make me angry
#why?
#I do not want to harm your site,but if you do not calm down…
#I’m very calm and I like to play…
#I like you dude
#Then why are you fucking with my friends?
#you’re gay? lol
#tell my wife… my life might be easier.
#how old are you?.
#I don’t understand?
#I’m 43 – how old are you? – This is actually kind of fun…
#I’m 32  – This is actually kind of fun and for me…
#:)  I used to do what you do – but long before the internet.
#No, but do it before the internet was impossible
#I started in 1981 with a Commodore 64 – right before you were born….
#I have to leave right now,I was very glad to talk with you…
#Do you have to go to work now? – Curious if the links pay well?
#this is my job – not bad
#cool – curious if I can hire you for some security work some time? I do this site for a friend so I don’t get paid to help them.  But I have other paying clients.
#talk to you later,in an hour.
#OK
#I’m here
#I see…
#how much you earn per month?
#probably much less than you.
#my job is profitable but very nervous,not all such nice people like you…)
#Is it often that you engage people in the .htaccess file? Curious how often they write back…
#you are the only one who answered…)
#At first I was curious if it was part of a script – so when you answered back I figured why not?  How long have you been in this line of work?
#4 years
#Cool… The proxy you are using has a reverse IP from Turkey.  I’m in California. Figured you were in Turkey or France.
#if you have good websites they can earn good…
#so where do we go from here?
#in sense?
#I don’t know.  For my friends I need to secure their site.  At the same time you may have some knowledge that could be valuable to me and others so I’m wondering if I could hire you from time to time to try to hack sites and let me know if they are easily exploitable.
#I myself did not break anything, I buy from other compromised sites
#but if you have a server where the good sites that we could cooperate.
#I’d love to say yes and make more money but my friends would probably not want to do it. And the outbound links cost them SEO value as well.
#these actions do not harm the sites, and I have stamped links to these sites that affects good for seo.
#but they show up on site:[website].com and it makes them look like they are selling drugs
#it sees only those who need drugs – and site admin…)
#I can’t do it.   Are you available to try to hack sites for a fee? Hey – are you Czech?
#I wrote that I did not hacked sites I buy from those who hacks – No.
#Oh, I see.  What kind of CPMs do you usually get?  I do have some other sites
#they pay me% of the purchases,if you have a good site, you can earn a month 500-1000 $
#OK you can email me at [email address] – but for this site I need to clean it up.  I’m sorry man. I don’t own it and they don’t want the ads or spam emails sent. ;(
#do not do it.
#I have to… I’ve enjoyed chatting. Feel free to email me.  I’m locking you out now.  Goodbye.

After identifying his IP addresses we were able to crawl through the log files and see all of the files that he touched – even going back to March.  We deleted and all non-critical material and then proceeded with fresh installs of everything.

Now it’s only been ½ a day since the event and we’ve seen him continue to attempt to infiltrate the site – but so far he’s been unsuccessful.  Even better, because we are monitoring his IP’s we are watching to see everything that he’s trying so that we can test his methods against all of our client sites.

DropBox – Up to 5GB of Free Storage You Can Use For Syncing

DropBox – Up to 5GB of Free Storage You Can Use For Syncing

I wanted to tell you a little big about DropBox

So first know:

  1. I’m not necessarily a big product plug guy
  2. This is not new or cutting edge
  3. But, it is free and there are things you could use it for!

I used to be a PC – for a long time – then I got an iPod, and iPhone and finally a MAC – and life changed for the better – kind of – because I couldn’t keep my calls going without the frequent drops.

Left with the choice of constantly apologizing to my clients, prospects, family and friends, or switching carriers and phones, I chose to go with an Android phone.

This kind of turned my world upside down because I was syncing everything through MobileME – but that doesn’t work with an Android phone – or if it does, I didn’t take the time to figure it out.

I love the Apple experience – but the idea of taking one foot out of the Apple lock-box and back into the open world was a bit liberating.

Why? Because I discovered DropBox. A friend of mine turned me onto it and said he uses it to share files between all his devices – and you know what? IT WORKS GREAT!

I can now share a library of files between all my devices (MAC/PC/ANDROID PHONE/ETC) and they are always up to date – and in sync.

Better – DropBox gives you up to 5 Gigs of storage for free.

So if you want to give it a try – go for it – it costs nothing to try it out – and use it. You’ve got everything to gain… 😉

Click here to give it a try

And if you already use DropBox, how do you use it? Any cool tricks and tips that you can or want to share?

The 4 Year Rise of Mobile (Android/iPhone)/OSX and the Decline of Microsoft Windows OS (w/ stats to prove it)

The 4 Year Rise of Mobile (Android/iPhone)/OSX and the Decline of Microsoft Windows OS (w/ stats to prove it)

This morning I ran across an article on Digg about OSX 10.7 (which I’m pretty fired up about) – and it got me wondering…

What does OS usage look like on one of my more popular sites and what are the implications for the development community as it adapts to consumer use?

For stats I’m using one of my sites called RinkTime which is a directory site that helps skaters find rinks throughout North America. This year it’ll serve 5,000,000 visitors.

Anyhow, the best part of RinkTime vs. a lot of the other sites who report traffic, browser and OS numbers is that it’s audience really is middle-American families – and I think it demonstrates a pretty good cross spectrum of users – unlike a lot of sites who cater to a technical or business crowd.

So, here’s what we’ve got.

Starting with 2006

Microsoft Windows OS 2006 RinkTime.com Operating System StatsDominance with a 94.48% visitor-share… Apple/Mac had just 5% of the visits and Linux a measly 0.18%.

2007 & 2008

2007 RinkTime.com Operating System StatsAlso notice that PalmOS which registered 0.02% in 2007 and 0.05% in 2008 has disappeared. Blackberry which didn’t register until 2009 with 0.16% grew to 0.59% this year.

2008 RinkTime.com Operating System StatsBut the BIG movers are the iPhone/iPod (and soon to register iPad) devices…

In 2007, the iPhone registered just 0.07% of our visitors. That grew to 0.62% in 2008 turning it into our 3rd most popular OS behind Microsoft and Apple in 2008.

2009 – The Year of Mobile

2009 RinkTime.com Operating System Stats2009 was truly the Year of Mobile though in the US with the iPhone growing to 1.77% of our visitors and iPod growing to 0.53%. 2009 was also the year that Android debuted with 0.40% visitor-share.

2010 in Summary

2010 RinkTime.com Operating System StatsThis year to date, January 1, 2010 through June 5, 2010 it looks like this…

Microsoft is still in the dominant position with 82.23%, but has taken a huge hit with Apple growing to over 10%. And when you combine Apple OS, iPhone, iPad and iPod Touch, Apple owns over 14%. And Linux even being considered an “experts” OS (simplified) has doubled in use. (Most may not consider it being worth mention however I think that’s an important stat.)

Android is making gains on the iPhone visitor-share with a 1.33% share – iPhone usage has grown to a 3.07% share.

Trends – January vs. May, 2010

2010 RinkTime.com Operating System Stats

Finally, lets look at January, 2010 vs. May, 2010 for a picture of today which we can use to establish a trend for mobile and Android‘s rapid growth due to Verizon’s adoption of the Android OS as well as the other carriers.

January vs. May 2010 RinkTime.com Operating System Stats

The iPhone during the 1/2010 to 5/2010 still grew from 2.87% of our visitors to 3.16% (+0.29%) but the Android use grew from 0.99% to 1.79% (+0.8%). It’s all pretty interesting – but the bottom line is that when we build websites, we must be aware of the growth in activity of mobile – and design for these devices as well as the standard and ever changing OS environments.

In my next post, I’ll let you in on something big – the future of search….The ultimate measure that any and all search engines will use as a basis for who ranks for what…

Jim Rohn – He Will be missed…

“Failure is not a single, cataclysmic event. You don’t fail overnight. Instead, failure is a few errors in judgement, repeated every day.”

Those are the words of a wise man by the name of Jim Rohn.

Jim was a motivator, an inspiration, a teacher of wisdom and a guy who just made common sens out of things which many of us just find confusing because they are so damn basic.

If it weren’t for Jim, we’d probably not have Tony Robbins and literally hundreds or even thousands of other life changing people who have influenced hundreds of millions.

One of many things he said that I constantly need to remind myself of is this: Give whatever you are doing and whoever you are with the gift of your attention.” Jim Rohn

When times are tough, it’s guys like this who help get us through.  Watch these three quick clips of him doing what he did best.  He’ll be greatly missed.

Read some great quotes by Jim.

Pests Database – And how it was integrated with automation and public notification…

I was just looking out my window and saw some bugs flying around – possibly termites.

You see, here in Southern California it’s been warm – even hot the last couple of weeks.  Right now it’s about 74 and the sun is coming out through the overcast askies.

But, these winged beasts made me think of an application that we developed for one of the nations leading pet control companies – One you’ve certainly heard of – a household name.

This company had a past-client and prospect database of many million – I’d write it but it’s now out of date and I also don’t want to get into trouble with the client – we did this back in 1999 – but the lesson which can be taken away from this still rings true today.  (Ah who cares… Swarm Map – this can only help them right?)

So, when the call center would receive the right number of calls reporting termites, it would activate the location on the map and simultaneously notify the clients and prospects via email and direct mail that termites were in their area.  Its brilliant marketing if I don’t say so myself.  This causes people to wonder, call for a free inspection and allows for up sell opportunities.

I’ve heard of home and business burglar alarm companies doing the same thing.  These companies subscribe to the reports of crimes in an area, then reference the crime and blanket market these areas for their services – while that pain and fear is still fresh.

So, how can you use a similar technology or marketing technique for what you do?

When you hit a home run or you see one of your competitors hit one, are you calling on related prospects to sell them on the concept or a twist of the concept – an improved concept?  Because I’d be willing to bet that the original service provider can’t compete and also didn’t think of the best most impactful way of doing it.

I’m starting to babble on now so I’ll stop.