Dedicated to my late brave, beautiful and silly mummy, Debra Ross. I love you mumster.

Skip navigation

Servage hacking, Rubenerd blocking update

2008.12.17 – 17.03 UTC+08 (Singapore Time)

Perl Perl Perl
I can’t say I ever thought I’d be using Perl as a last resort emergency security tool. Sheesh Servage, get your act together.

My first few days back in Singapore have been eventful to say the least. I could have said they were uneventful, but that would have been inaccurate and would also have contradicted what I just wrote. And the last thing I want to do here is look ridiculous. Well, any more ridiculous than I look now walking down from my apartment building to Orchard Road while I type this post on my iPhone.

ASIDE: I used to mock people who spent more time looking at their phones than paying attention to where they were walking; now with this ridiculously useful iPhone I’m guilty of the exact same behaviour. Walking into light poles seems to be my divine punishment for this hypocricy.

Yes back to eventfulness, since coming back here last Saturday morning, I’ve had my first major problems with online hacking of my sites, to a degree I never thought possible. So far RubenerdShow.com and the associated subdirectories such as this blog have been the victim of 12 code injection attacks as a result of poor security standards on my webhost. I dislike it when people shift the blame onto others, but all my permissions are set perfectly and the attacks are coming from within my host’s IP range, so it’s a matter of lax internal security due to what I suspect is poorly enforced group permissions.

Bruce Schneier! As Bruce Schneier said in his Secrets and Lies tome which I admit I’ve read more than three times, internal threats are often more dangerous than external ones, though they often get placed second in priority. I am a huge fan of Bruce Schneier, I even wrote about the Bruce Schneier Facts website back in 2006. Very fun distraction when all this nasty stuff is going on!

For Servage this isn’t new; a quick Google search for Servage Hack returns thousands of results. Even Flickr has a couple of screenshots by people showing their sites and even the Servage host site itself being hacked.

Perhaps as a result of this or because Servage has also been caught hosting hundreds of spam and credit card fraud sites, the StarHub ISP here in Singapore has seemed to start blocking all Servage hosted material. As I sit here at Starbucks now in Tanglin Mall it seems SingTel haven’t filtered it, but given Singaporean ISP’s general low tolerance when it comes to abuse of their systems I worry they may be next.

ASIDE: For those interested in the attacks themselves, it seems shady Servage users have been inserting javascript into the first line of my index.php files and modifying my .htacess files to redirect to other sites. This despite all my permissions being set to allow myself to read and write, but others in the group to only read. I don’t know what else I can do to block these changes.

I’ve written a trivial Perl script to check the modification dates of every file on the server, and if it doesn’t match a list of predetermined values it deletes the hacked/modified file and restores it, then logs the change. This seems to have stopped all the attacks but it really is a clumsy measure. Servage need to get their act together, because it’s not just me this is affecting.

Suffice to say, I am already in the process of moving over all my material to Segment Publishing hosting and Ourmedia instead of using Servage as well. I had kept Segpub for use only for my university blog, but they’ve proven themselves for their stellar reliability and great service. They do cost more than Servage, but as I’ve learned from this experience cost shouldn’t be the primary consideration. As a student I do have a stretched budget, but if I have to pay a few dollars extra a month for peace of mind, a server running FreeBSD and my own dedicated IP address that I don’t have to share with hundreds of other sites — some of which engage in criminal activities — I think it’s worth it.

Bruce Schneier!
Segpub Christmas cheer!

What frustrates me is that it’s my own home ISP StarHub that has blocked Servage, which means I have to use a proxy to access my own site. I’ll be doing some serious cleaning up of my MySQL tables and I’ll be exporting them hopefully today or tomorrow.

Interestingly enough, this blog and all the images used within are quite small. Exporting gigabytes worth of Rubenerd Shows recorded since 2005 and re-uploading them to Ourmedia will be a painfully slow process, but I think it will pay for itself pretty quickly.

Will be keeping you up to date, and thank you everyone for your patience. Because of the difficulty I’m having right now accessing this site, if you want to leave comments you may want to just email me instead, rubenschade\\\at///gmail[[[dot]]]com, with the slashes and braces removed.

What a great thing to be dealing with over my preciously short Christmas holiday break. Though I guess had this happened during an exam period it would have been much more disastrous to deal with. Bummer though.

Categories: security, singapore, weblog
Tags: , , , ,

Post comment -   Post to del.icio.us

RubenerdShow.com and Servage have just been blocked

2008.12.15 – 23.11 UTC+08 (Singapore Time)

This is a shorter message because I don’t have much time here. It seems the reason why I haven’t been able to access my blog and Servage.net over the last few days here at home hasn’t been because my site is offline or down, but it seems that my webhost (and all the sites they host) is being blocked for some Singapore Starhub internet customers.

I am accessing my site now through a proxy. Google Reader seems unaffected.

This is extremely serious. I have long suspected Servage has been hosting some less than reputable sites, and with the latest code injection attacks which have been happening on my blog since Sunday on my site and on dozens of other Servage customer’s sites, I suspect Starhub have taken action against them.

I will be moving all my Rubenerd Shows which collectively account for around 92% of my bandwidth onto Ourmedia, and I’ll be moving my remaining sites over to Segpub (FreeBSD webhost in Australia with dedicated IP addresses, SFTP and SSH) once and for all. Perhaps this is the final wakeup call I needed to get my arse into gear and make the transition!

Servage were ultra affordable back when I thought the internet was a nice toy, but they’re lack of adequate checks on what they host and these security lapses have made me lose what little shred of confidence I had in them. I don’t approve of Starhub’s move to block all sites hosted by them, but I can at least see their reasoning, and can somewhat understand.

Stay tuned for further developments. This will no doubt be taking me this next week to do. What are you doing for your holidays?

Categories: security, singapore, weblog
Tags: , , ,

Post comment (1) -   Post to del.icio.us

Moving over to Segment Publishing!

2007.11.13 – 20.07 UTC+08 (Singapore Time)

Today it’s official, I’m moving over all my internet paraphernalia to Segment Publishing, a web hosting company in my birth city of Sydney in Australia!

Segment Publishing

Unlike every other web host I’ve done business with in the past, Segpub give you full SSH access to your home account, secure FTP, they give you your own unique IP address, their logo is a kawaii face… how could I refuse? But probably the two most striking features that drew me to them was the fact they run FreeBSD which just thrills my socks off, and… they’re not Servage. That last point in particular was very important.

Servage… didn’t

If you’re one to revel in Schadenfreude you would have loved reading my woes with my current web host over this last year, especially my latest experience with my MySQL tables being down for a whopping 4 days!

I figured that disaster plus the 2 cumulative days in total from the rest of the year (a conservative estimate, I’m sure it was more) puts the total uptime for 2007 for the Rubenerd Show and Rubenerd Blog to 98.63%, a far cry from their stated 99.98%. That said in either case I wouldn’t have minded so much had they either given me some form of warning or maybe even a discount for the times they weren’t able to provide service for the reason of the month.

Their "intermittently reliable" physical service is a shame because their technical support system is excellent. Support tickets I submitted never took more than a day to answer, and they always seemed happy to elaborate and explain points further when I replied asking for clarification.

Ironically the day I registered with Segpub on the 07th, Servage upgraded the design of their site and added new features. Go figure.

The move is on!

Lots and Lots of Boxes!

So by the end of this week this whole mess of a site will be lifted up and moved over to Segpub. I’m taking the opportunity to clean out my public_html folder while I’m at it. There are so many orphaned files and old Perl scripts from previous projects that are all just begging to be spring cleaned.

Categories: internet, weblog
Tags: , , ,

Post comment -   Post to del.icio.us