Hacking beginners are called the same way beginner programmers are called. Lamers. The hacker who messed up my site is, I believe, a member of this group. I can’t exactly tell why I dumped him in that poor level. Maybe I’m just pissed off or maybe I first sensed something so amateur about his clamor for attention.
Guys, I may not make sense at all in this post, but just let me be (and note that this is not a ‘hacking for beginners’ post). Give the poor chap who just got hacked some space and allow him to let out his anguish even just this one time. Like I’ve said in a previous post, I am entirely to blame for my website’s mishap at the hands of this online sissies. I’ve been a little too liberal on my surfing habits and have loosened my guard and thus have allowed some trojans or whatever hacking tool these thugs used to get my website data. The way I surf did not pose too much risks in the past because I have nothing to protect then except my email addresses and some forum accounts. When I acquired online real estate and other pertinent accounts, I should have changed accordingly and learned defensive surfing instead of going ahead with my careless maneouvers online.
After rectifying the initial hacking symptom, the main page, my other mistake was thinking that that was it. Turns out these hacking beginners are not that ‘beginner’ at all. They have somehow been able to inject some script file in my directory. And you know where they hid it? In an inner folder in the ‘classic’ theme folder. Clever, eh? Who would ever care to check there? (Obviously only those careful, non-stupid webmasters 😉 ). And so, when it was left there to breed, it produced another file that now probably sends emails to their list telling them about their paypal accounts needing some re-confirmation or something to that effect, with the intention of catching the data of the poor souls who are not clever enough to know the difference between a legit paypal site and the stinking hacker’s paypal site. This is just conjecture on my part as I have no evidence that the script is actually doing this, though that was what the folks at lunarpages are implying. The script could have either served as their backdoor entry point, or had been left there to run on automation (maybe creating new files) because even after I changed all passwords and usernames, the symptoms did not stop. Another point that tells me these are not hacking beginners is their intent to steal paypal information from unsuspecting people. Whether in the real world or in the world of ones and zeros, these are plain thieves.
I would like to rant on about my hatred for this low-lifes and waste more of your time but no amount of ranting can stop them I suppose. I believe in karma and I’m sure these thugs are going to get their due some time. Ugh, in a past life, I might have been a hacker and now am getting my just recompense for the inconveniences I have incurred on hapless folks. Wait, in a past life? Oh well, I’ve probably hacked into the ENIAC and caused mathematicians some confusion by returning wrong square roots. But that was ‘ethical hacking’. They were using the ENIAC to automate the firing of ballistic missiles.
Once I got back access to my cpanel (courtesy of the support guys at lunarpages, who took my site offline before it could do more damage), I immediately looked into the dirty files and deleted them. I also scanned through each file in all folders in the whole directory checking out modified dates that looked odd and promptly checking them out and deleting them when found to be indeed odd. These look easy on print, but I tell you, it took a lot of patience and googling and evaluating and sleeplessness to work it out. I tell you guys, ‘an ounce of prevention is worth more than a pound of cure’ took on 3D life before me. And I don’t need lasik for hindsight because I now know I got 20/20. Being hacked makes you learn a lot of things really quickly. I learned about permissions: what 0755, 0777, and 0600 means, and the usual rule of thumb among developers to go 755/644 on folders/files structures. I also learned to contain my anger a little bit.
So, why do I call them ‘hacking beginners’? Oh, again, let me be. They’re amazingly good at their chosen paths. But, just let me call them whatever I like. I’m the victim here, remember? Hacking beginners, you! Lamers.