Website hacks and craft Web development

For the last several weeks, a few of the websites I maintain, including this one, have been getting absolutely buffeted by exploits and malware attacks. These attacks drop redirects in the headers and footers, throw up those fake blue “ATTENTION Microsoft” windows that take over your browser, and in general wreck the sites and make them do what the hackers want, whatever that is.

I change all the usernames and database logins, delete pernicious PHP files, chmod the wide-open directories. It keeps happening. It’s gotten so I think it’s not (just) a negligent webmaster like me, but something exploitable in my ISP, some way they’re not clamping down, some way-hidden hole I haven’t found yet. Because even when I change everything these exploits keep re-spreading. So it’s bad. It’s frustrating and it makes me throw up my hands about manual website maintenance. And about writing things on the web, since brownhen.com is like my (very occasional) journal.

But then I think: the good side of this is all this checking and fixing, this SSHing and tail-ing and chmod-ing. Like a fisherman darning his nets, I have to go in every day or so and look around, look at the logs, add IPs to the .htaccess (which is silly because hackers grab hundreds/thousands of computers, like mine, to drive their exploits, so it’s not like you’re reaching the guy’s laptop or anything), clean out the now-familiar fake files ( /wp-admin/user/exdbpabq.php is not a valid file from WordPress, for example). It’s like weeding a yard, sharpening your tools.

And it’s zen-like and pleasant like that. And direct. And craftsman-like. When I get over my frustration, I really like this mending and pruning and sharpening. What doesn’t get old is the directness of a web server and a shell, your favorite Unix editor, the activity on the site itself legible in logs, the cat-ing and bashing 1. Craft website development.

Notes:

  1. I found this cool Bash script that watches when new files are written to your website directory. I adjusted and am watching the intermittent “Waiting for changes” notes scroll down the terminal. All clear for now? Sorry this site has been down or abusing you when you visit.

    #! /usr/bin/env bash
    
    FILELIST=/tmp/filelist
    MONITOR_DIR=/home/usr/local
    
    [[ -f ${FILELIST} ]] || ls ${MONITOR_DIR} > ${FILELIST}
    
    while : ; do
        cur_files=$(ls ${MONITOR_DIR})
        diff <(cat ${FILELIST}) <(echo $cur_files) || \
             { echo "Alert: ${MONITOR_DIR} changed" ;
               # Overwrite file list with the new one.
               echo $cur_files > ${FILELIST} ;
             }
    
        echo "Waiting for changes."
        sleep $(expr 60 \* 2)
    done
    

Watson Dialectics

An idea for a new Watson service/application

What if you could convene a conversation with people you have strongly disagreed with, or find it difficult to exchange facts with, people with whom you have been driven you to stridency and name-calling, and have Watson help keep that conversation on the right foot? What if Watson could ensure that the tone of this conversation remains dispassionate, its participants receptive, and its assertions verifiable in real-time?

Two services, Watson Tone Analyzer and Watson Discovery, are the tone- and fact-checking engines, respectively, in a new application, Watson Dialectics, which monitors conversation in real-time through a mobile application and a microphone.

If as you try to make your point your tone starts to overcook, Watson will stop the conversation and gently suggest a reframing, or a retreat back to the ground that had been coolly agreed upon. If your conversational partner says something like “50% of American males own fire-arms,” Watson will go verify this fact in the background and politely countermand if necessary. Human debate monitored and enhanced by artificial intelligence.

Watson Dialectics also uses IBM’s Mobile First platform, speech-to-text, and a couple of other services to create a system for real conversation (as opposed to the Conversation service that developers use to build chatbots, that is to enable “conversation” between humans and software).

It’d be great! You could bring it along to your kids’ cafeteria Lincoln-Douglas competitors, to the water-cooler chat at work, or to that Thanksgiving dinner table.