{"id":2013,"date":"2011-12-02T20:39:09","date_gmt":"2011-12-03T00:39:09","guid":{"rendered":"https:\/\/wsbj.com\/sorabji\/?p=2013"},"modified":"2011-12-02T20:39:09","modified_gmt":"2011-12-03T00:39:09","slug":"exploit","status":"publish","type":"post","link":"https:\/\/wsbj.com\/sorabji\/2011\/12\/02\/exploit.html","title":{"rendered":"exploit"},"content":{"rendered":"<p>\t\t\t\tso my little web server got breached the other day. chinese hack0rz found an ancient version of some asshole piece of software sitting around on my web server, and milked it for unknown dastardly deeds, but apparently doing nothing particularly malicious toward me. they may have been shuttling malware through my \/tmp directories, or they may have been running IRC servers for the purpose of sharing warez and porn and other things. i&#8217;m not sure what they were doing or what they might have had in mind (if the mind is an appropriate resource to consider in the case of zombie bots like this) but it was awesome in a way to see for reals how dangerous it is out on the open Intertubes.<\/p>\n<p>i was a little miffed, and a little annoyed at the way i was informed of this matter. i appreciated being informed by the data center guys, but the notification came with this lecturous warning that i&#8217;d be kicked out of the data center, with all my business taken offline, if i didn&#8217;t do anything about this. i can appreciate the urgency, but for a 15-year+ customer paying hundreds of dollars a month in lease fees i would think i&#8217;d get some benefit of the doubt. and then to find that, in a way, the problem is really the fault of the data center guys who set the server up in the first place, that adds a little depth to the irritation. i mean ultimately, the responsibility is mine. it&#8217;s a dedicated server, and making sure the software and packages are all up to date is my deal. 
and you know, i do run occasional updates of all the kernel and core packages, but this particular exploit didn&#8217;t attack anything like that. it went after a 6 year old version of a very popular piece of software used on virtually every dedicated server. this software is not part of routine updates, and i almost never use it. it is, of course, password protected, but this exploit exists because of a point of entry which for some reason ignores the password, and makes access to the config and server-level file system open to anyone who knows how to properly build a POST statement. i can&#8217;t believe that this data center would install such an ancient piece of software as a default on new dedicated servers. it seems like it would almost take effort to do that.<\/p>\n<p>ah well, crisis averted, i guess. i don&#8217;t know how long this was going on, but the security breach combined with the assholery of the dudes at the data center form as good a reason as any to move off of this problematic server. which is needlessly expensive. cutting this piece of shit out of my arsenal would be tantamount to giving myself a thousands-of-dollars-a-year raise.<\/p>\n<p>&#8230;..<\/p>\n<p>speaking of thousands of dollars, i think i might go in on the new piano, and i think i will dip in to my 401(k) to accomplish this. i have the cash on hand, but i&#8217;d rather gift it to myself with free money, and use that raiding of the 401(k) as an excuse to start contributing to it again. i have not contributed to that fund for 9 years, and it is worth less now than it was then, and less than it was worth 10 years ago. i have little confidence that the stock market is a safe place to invest for retirement. the landscape of the market has changed, and it&#8217;s a volatile place, not a reliable place for long term growth. i don&#8217;t know where the reliable investments are any more, though certain companies come to mind. 
i don&#8217;t even have confidence in government issued bonds or bank notes or any of that crap.<\/p>\n<p>i have to check with the accountant, though, to make sure that withdrawing from the 401(k) and the penalties that follow are the end of the transaction, the end of the liability, and that the funds put toward a piano are fully tax deductible.<\/p>\n<p>i was a little surprised at how the Yamaha Avantgrand had so few sounds. Just 2 pianos, 2 electric pianos, and a harpsichord. No organ, which is lame, and no strings, which is fine with me. But the lack of an organ sound is surprising. I guess you can make up for that with MIDI? I don&#8217;t know. But the sales guy at Faust Harrison was mighty nice to me, which I didn&#8217;t expect.<\/p>\n<p>&#8230;..<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>so my little web server got breached the other day. chinese hack0rz found an ancient version of some asshole piece of software sitting around on my web server, and milked it for unknown dastardly deeds, but apparently doing nothing particularly malicious toward me. 
they may have been shuttling malware through my \/tmp directories, or they [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[29],"tags":[],"class_list":["post-2013","post","type-post","status-publish","format-standard","hentry","category-text","et-doesnt-have-format-content","et_post_format-et-post-format-standard"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/saumAn-exploit","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/posts\/2013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/comments?post=2013"}],"version-history":[{"count":0,"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/posts\/2013\/revisions"}],"wp:attachment":[{"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/media?parent=2013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsbj.com\/sorabji\/wp-
json\/wp\/v2\/categories?post=2013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsbj.com\/sorabji\/wp-json\/wp\/v2\/tags?post=2013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}