« My life, in a nutshell. And it's cramped in here. | Main | On the reconstruction of daily trawls. »

Eric: Oh, and did I mention...

...Gossamer Commons got hacked?

It did.

And me without an effective means of getting into it. Weds is doing what she can....

I am fully insane, now. Utterly and fully. They say it was being disfigured that caused the Joker to go nuts? No no. He had catastrophic data loss and then his webcomic was hacked.

I'm off to flood a high school gymnasium with nerve gas emitted from a giant canister of Jock Itch spray. Toodles!

Posted by Eric Burns-White at July 5, 2005 12:45 PM


Comment from: Thomas Blight posted at July 5, 2005 12:59 PM

Noooo! Not Gossamer Commons!

Was everything for that backed up?

Comment from: Ed Heil posted at July 5, 2005 1:14 PM

spykids? I've seen that one before. Probably wasn't a direct attack on gossamercommons, but an attack on some other vulnerable PHP site on the same server, which overwrote everything it could find on the server which had sufficiently open permissions. You probably need to do a tighter unix file perms lockdown to keep this from happening again.

Comment from: Ben G. posted at July 5, 2005 1:17 PM

If it's any comfort, a Google search on the crew that defaced the website brought up some results that suggest you might just be the random victim of a worm let loose by Brazilian hackers, rather than the target of a deliberate attack.

On the bright side, whenever something bad happens in the future, you can now say, "This is almost as bad as the time some Brazilian hacker's worm defaced my webcomic," like a character from a Cory Doctorow story.

Comment from: Eric Burns posted at July 5, 2005 1:21 PM

Oh, it clearly wasn't targeted at GC. Other websites on the server got hit too.

None of the data seems to have been lost. I had a backup of it...

Say it with me, kids.

...on my hard drive.

Comment from: lucastds posted at July 5, 2005 1:41 PM

Could things get worse? Yikes...

Comment from: theusual posted at July 5, 2005 1:49 PM

Like Dave Van Domelen said in the other comment thread, at least this eliminates any debate about sending the drive to a data recovery place.

Comment from: Ben G. posted at July 5, 2005 1:50 PM

"Could things get worse?"

Aww, man. Jinxed!

Comment from: alienpriest posted at July 5, 2005 1:50 PM

Oh fudge. Your artist is keeping backups too, isn't he?

Comment from: Wednesday posted at July 5, 2005 1:52 PM

So far as I can tell, the data is intact. I grabbed down the site a couple of hours ago. The strips are fine. The fanart and chrome and theme files are fine. At a rough guess, I'd say the SQL database is fine, since the posts are intact from an admin's PoV. It's just that the server isn't passing anything out but a two-word plaintext string.

Comment from: Aerin posted at July 5, 2005 2:01 PM

As soon as I read Ben G.'s comment, I smacked the desk and exclaimed, "It's the Brazilians!" which is now on the helpdesk quote board. Some Brazilian website has been running a dictionary attack against my friend's e-mail server for over two years. Coincidence? I think not...

Comment from: joeymanley posted at July 5, 2005 2:31 PM

Wha huh? Other sites on the server?

faans.com and JazzAgeComics.com and TAC itself seem to be fine ... unless you've moved GC over to a different server and I didn't know about it ...?



Comment from: Wednesday posted at July 5, 2005 2:35 PM

Joey: My testbed also got it in the neck. Check your mail.

Comment from: joeymanley posted at July 5, 2005 2:38 PM

Ah, okay. I'm deliberately not checking email in the mornings -- waiting until AFTER I spend 8 full hours/day working on WCN code. Otherwise I get caught up in random distractions.

I'm guessing that it's probably a security flaw in the comic archiving script you were using (which was installed on both your test site and GC, right?).

Easiest fix I can think of is to delete the virtual server (after you've made a backup, of course) and then re-create it from scratch.

I'll go check my email now ...



Comment from: Eric Burns posted at July 5, 2005 2:45 PM

So... this might be a vulnerability in WordPress?


Comment from: Greg Dean posted at July 5, 2005 3:03 PM


Comment from: Ben G. posted at July 5, 2005 3:05 PM

There are several vulnerabilities in WordPress v. and below. Since the site's already down, this might be a good time to update to, if you haven't already.

Comment from: 32_footsteps posted at July 5, 2005 3:09 PM

Ah, Google can be such a help.

After doing some searching via Google, I've found that all of the strips are actually still accessible by their specific URLs. For example,


Will bring you right to April 11's strip. While the pretty coding to make it easy to flip from comic to comic has been wiped, all the picture files are still there. So recovering things is just a matter of rewriting the site's backbone as opposed to finding backups of all the strips.

Annoying, yes, but not the worst thing in the world.

Comment from: Wednesday posted at July 5, 2005 3:12 PM

Christ. Why wasn't *that* coming up in Google results two hours ago, I'd like to know? Thanks. I concede that we were a couple of minor releases out.

(For that matter, I'd like to know why "no, really, deploy this update NOW" hasn't been showing up in Dashboard...)

Comment from: 32_footsteps posted at July 5, 2005 3:35 PM

I dunno... Sometimes, Google's caches are cranky.

Also, should some of the strips still be missing, someone out there has probably forgotten to clean their cache recently. You can always get copies of the strip that way.

Comment from: Wednesday posted at July 5, 2005 3:36 PM

We have the strips. We have them. I have them on my laptop. That's not a problem at all.

Comment from: Arachnid posted at July 5, 2005 3:54 PM

Hence the disadvantage of running on a shared server - the apache user usually has write access to everything important. Amazing how many badly configured servers are out there, really.

I'm not sure what you're paying for hosting, but if you're not able to fix permissions so it can't happen again, have you considered somewhere like Linode, or Server North? Linode runs linux UML (virtual server) setups, so you get complete control of the server - no shared hosting. Server North is run by a friend of mine, and runs a similar system - BSD Jails. He'll give you a great deal if you ask, too.

Comment from: Eric Burns posted at July 5, 2005 3:57 PM

Those are the archived strips from the point we used istrip as our CMS, though. So they unfortunately don't count.

Comment from: Phil Kahn posted at July 5, 2005 6:02 PM

"So... this might be a vulnerability in WordPress?



Comment from: kirabug posted at July 5, 2005 9:09 PM

Hrm. And I was thinking that gee, I could put off that wordpress update another few days. Damn.

Oh, and Wednesday, watching you and Eric put together GC inspired me to rewrite my whole site into Wordpress. Learned a ton of CSS and PHP, which I'm currently applying to the capstone of my Master's. So I could literally owe you both my ability to graduate. Thanks!

Comment from: SeanH posted at July 6, 2005 4:32 AM

So, we shouldn't be holding our breath for the rest of the 2004 Shortbreads any time soon?

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Remember me?