Hacking Beginners

Hacking beginners are called the same way beginner programmers are called. Lamers. The hacker who messed up my site is, I believe, a member of this group. I can’t exactly tell why I dumped him in that poor level. Maybe I’m just pissed off or maybe I first sensed something so amateur about his clamor for attention.

Guys, I may not make sense at all in this post, but just let me be (and note that this is not a ‘hacking for beginners’ post). Give the poor chap who just got hacked some space and allow him to let out his anguish even just this one time. Like I’ve said in a previous post, I am entirely to blame for my website’s mishap at the hands of these online sissies. I’ve been a little too liberal in my surfing habits and have loosened my guard and thus have allowed some trojans or whatever hacking tool these thugs used to get my website data. The way I surf did not pose too many risks in the past because I had nothing to protect then except my email addresses and some forum accounts. When I acquired online real estate and other pertinent accounts, I should have changed accordingly and learned defensive surfing instead of going ahead with my careless maneuvers online.

After rectifying the initial hacking symptom, the main page, my other mistake was thinking that that was it. Turns out these hacking beginners are not that ‘beginner’ at all. They have somehow been able to inject some script file in my directory. And you know where they hid it? In an inner folder in the ‘classic’ theme folder. Clever, eh? Who would ever care to check there? (Obviously only those careful, non-stupid webmasters 😉 ). And so, when it was left there to breed, it produced another file that now probably sends emails to their list telling them about their PayPal accounts needing some re-confirmation or something to that effect, with the intention of catching the data of the poor souls who are not clever enough to know the difference between a legit PayPal site and the stinking hacker’s PayPal site. This is just conjecture on my part as I have no evidence that the script is actually doing this, though that was what the folks at Lunarpages are implying. The script could have either served as their backdoor entry point, or had been left there to run on automation (maybe creating new files) because even after I changed all passwords and usernames, the symptoms did not stop. Another point that tells me these are not hacking beginners is their intent to steal PayPal information from unsuspecting people. Whether in the real world or in the world of ones and zeros, these are plain thieves.

I would like to rant on about my hatred for these low-lifes and waste more of your time but no amount of ranting can stop them I suppose. I believe in karma and I’m sure these thugs are going to get their due some time. Ugh, in a past life, I might have been a hacker and now am getting my just recompense for the inconveniences I have incurred on hapless folks. Wait, in a past life? Oh well, I’ve probably hacked into the ENIAC and caused mathematicians some confusion by returning wrong square roots. But that was ‘ethical hacking’. They were using the ENIAC to automate the firing of ballistic missiles.

Once I got back access to my cPanel (courtesy of the support guys at Lunarpages, who took my site offline before it could do more damage), I immediately looked into the dirty files and deleted them. I also scanned through each file in all folders in the whole directory checking out modified dates that looked odd and promptly checking them out and deleting them when found to be indeed odd. These look easy in print, but I tell you, it took a lot of patience and googling and evaluating and sleeplessness to work it out. I tell you guys, ‘an ounce of prevention is worth more than a pound of cure’ took on 3D life before me. And I don’t need LASIK for hindsight because I now know I got 20/20. Being hacked makes you learn a lot of things really quickly. I learned about permissions: what 0755, 0777, and 0600 mean, and the usual rule of thumb among developers to go 755/644 on folder/file structures. I also learned to contain my anger a little bit.

So, why do I call them ‘hacking beginners’? Oh, again, let me be. They’re amazingly good at their chosen paths. But, just let me call them whatever I like. I’m the victim here, remember? Hacking beginners, you! Lamers.
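The cleanup described above, walking every folder for odd modified dates and for permissions looser than the 755/644 rule of thumb, can be scripted. This is an added example, not part of the original post; the tree it audits, including the `inner` folder and the file `x.php`, is constructed sample data.

```python
import os
import stat
import tempfile
import time

# Rule of thumb quoted in the post: 755 on folders, 644 on files.
DIR_LIMIT, FILE_LIMIT = 0o755, 0o644


def audit_tree(root, cutoff):
    """Return sorted (relative path, reason) pairs that deserve a manual look."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            rel = os.path.relpath(path, root)
            is_dir = stat.S_ISDIR(st.st_mode)
            mode = stat.S_IMODE(st.st_mode)
            limit = DIR_LIMIT if is_dir else FILE_LIMIT
            if mode & ~limit:  # any bit set beyond the limit, e.g. world-writable
                findings.append((rel, "mode %04o exceeds %04o" % (mode, limit)))
            if not is_dir and st.st_mtime > cutoff:
                findings.append((rel, "modified after cutoff"))
    return sorted(findings)


def demo():
    """Audit a constructed tree (sample names, not data from the hacked site)."""
    now = time.time()
    old, cutoff = now - 90 * 86400, now - 7 * 86400
    hidden = "wp-content/themes/classic/inner"
    samples = {"index.php": (0o644, old),        # untouched, sane mode
               "wp-config.php": (0o777, old),    # old but world-writable
               hidden + "/x.php": (0o644, now)}  # freshly dropped file
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, hidden))
        for dirpath, _, _ in os.walk(root):
            os.chmod(dirpath, 0o755)             # do not depend on the umask
        for rel, (mode, mtime) in samples.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(path, mode)
            os.utime(path, (mtime, mtime))
        return audit_tree(root, cutoff)
```

Modification times can be reset by whoever wrote the file, so an empty result is not proof of a clean site; comparing the tree against a fresh copy of the same WordPress release is the stronger check.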


  1. Man, I reckon after this I was going to delete my classic folder but then I think I remember reading somewhere that if there is ever a problem with the theme you’re using that WP reverts to the classic theme. I’m not sure if this is entirely accurate.

    Anyway, at least you were able to work it all out, I’m not sure that too many others would have been able to do that.

    1. Actually, I think it’s the ‘default’ folder that wp reverts to. And that’s why I left the default folder be.

      I think anyone who does not make defensive moves and waits for it to happen on their own websites would be ‘able to do it’ by force, the way I have, because your only other options are to hire and thus pay someone to do it for you or you delete your directory clean and start from zero.

    1. Sorry Will, but it happened because I did not take the ‘ounce of prevention’ measures.

      Again, I think every website owner should learn some trick or two about securing their websites from these thieves. Otherwise, they’ll have to find themselves looking for the ‘pound of cure’ later. 🙂

    1. Hey Karl. LOL, if I had vented my anger the way I really like it, I would have lost the ‘Pacifist’ title I have in my family. My brother is the ‘warrior’.

      As to Lunarpages, they have been very supportive. I sometimes wonder why I see some webmasters rant about receiving rude treatment from Lunarpages when all I’ve ever encountered are prompt and ‘extra-mile’ support from them.

  2. Wonderful blog post! Informational and well written. I think I could learn a thing or two from the way you set up your blog. I have subscribed to your rss feed and bookmarked your blog on delicious. I have a blog about SEO and social media that you are welcome to comment on if you find something that intrigues you.
