Website hacks and craft Web development

For the last several weeks, a few of the websites I maintain, including this one, have been getting absolutely buffeted by exploits and malware attacks. These attacks drop redirects in the headers and footers, throw up those fake blue “ATTENTION Microsoft” windows that take over your browser, and in general wreck the sites and make them do what the hackers want, whatever that is.

I change all the usernames and database logins, delete pernicious PHP files, chmod the wide-open directories. It keeps happening. It’s gotten so I think it’s not (just) a negligent webmaster like me, but something exploitable in my ISP, some way they’re not clamping down, some way-hidden hole I haven’t found yet. Because even when I change everything these exploits keep re-spreading. So it’s bad. It’s frustrating and it makes me throw up my hands about manual website maintenance. And about writing things on the web, since brownhen.com is like my (very occasional) journal.

But then I think: the good side of this is all this checking and fixing, this SSHing and tail-ing and chmod-ing. Like a fisherman darning his nets, I have to go in every day or so and look around, look at the logs, add IPs to the .htaccess (which is silly because hackers grab hundreds/thousands of computers, like mine, to drive their exploits, so it’s not like you’re reaching the guy’s laptop or anything), clean out the now-familiar fake files (/wp-admin/user/exdbpabq.php is not a valid file from WordPress, for example). It’s like weeding a yard, sharpening your tools.

And it’s zen-like and pleasant like that. And direct. And craftsman-like. When I get over my frustration, I really like this mending and pruning and sharpening. What doesn’t get old is the directness of a web server and a shell, your favorite Unix editor, the activity on the site itself legible in logs, the cat-ing and bashing [1]. Craft website development.

Notes:

  1. I found this cool Bash script that watches when new files are written to your website directory. I adjusted it and am watching the intermittent “Waiting for changes” notes scroll down the terminal. All clear for now? Sorry this site has been down or abusing you when you visit.

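    #!/usr/bin/env bash
    
    # Snapshot of the last directory listing we saw.
    FILELIST=/tmp/filelist
    # Directory to watch (top level only; ls does not recurse).
    MONITOR_DIR=/home/usr/local
    
    # Create the baseline listing on first run.
    [[ -f "${FILELIST}" ]] || ls "${MONITOR_DIR}" > "${FILELIST}"
    
    while : ; do
        cur_files=$(ls "${MONITOR_DIR}")
        # Quote the variable so newlines survive and diff compares line by line.
        diff "${FILELIST}" <(echo "$cur_files") || \
             { echo "Alert: ${MONITOR_DIR} changed" ;
               # Overwrite file list with the new one.
               echo "$cur_files" > "${FILELIST}" ;
             }
    
        echo "Waiting for changes."
        sleep $((60 * 2))
    done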
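
The script above compares only the names at the top level of MONITOR_DIR, so it would not notice a file dropped into a subdirectory such as /wp-admin/user/ or a header or footer file edited in place. The following is an added example, not from the original post or the script's author: it takes a recursive SHA-256 snapshot and reports added, changed and removed files. The function names and the demo file names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Needs find, sha256sum, awk, mktemp.

# snapshot DIR: "sha256  ./relative/path" for every regular file under DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare_snapshots OLD NEW: one line per difference (ADDED/CHANGED/REMOVED).
# The hash is columns 1-64 of a sha256sum line; the path starts at column 67.
compare_snapshots() {
    awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); hash = substr($0, 1, 64)
            if (!(path in old))         print "ADDED " path
            else if (old[path] != hash) print "CHANGED " path
            delete old[path]
        }
        END { for (p in old) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# check_once DIR BASELINE: print differences, return 1 if there are any.
# The baseline is not overwritten, so an alert repeats until someone reviews
# it and re-runs: snapshot DIR > BASELINE
check_once() {
    local now changes
    now=$(mktemp) || return 2
    snapshot "$1" > "$now"
    changes=$(compare_snapshots "$2" "$now")
    rm -f "$now"
    if [ -n "$changes" ]; then printf '%s\n' "$changes"; return 1; fi
}

# demo: constructed sample tree; the file names are made up for illustration.
demo() {
    local root base
    root=$(mktemp -d) && base=$(mktemp) || return 2
    mkdir -p "$root/wp-admin/user"
    echo '<?php // footer' > "$root/footer.php"
    snapshot "$root" > "$base"
    echo '<?php // new' > "$root/wp-admin/user/dropped.php"  # new file, subdirectory
    echo '<?php // footer, edited' > "$root/footer.php"      # same name, new content
    check_once "$root" "$base" || true
    rm -rf "$root" "$base"
}

demo
```

Keep the baseline somewhere the web server account cannot write, and call check_once from cron or a loop against the real web root.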