Wednesday, July 9

Been Hacked

A few years ago, I did some work on a web site for a local Sci-Fi convention. The original developer passed away suddenly (RIP Ray G.), so I took over the job and rebuilt everything from scratch in PHP. It turned out pretty good, but I did make a bad mistake. In order to let the main page menu be modified from a program, I had it read the links from a database. That was ok; the mistake was that I used fully qualified URLs. It was about a month before someone discovered and hacked it. Fortunately, I'm firmly in the Ratbert Engineering category. From Scott Adams's Dilbert, Ratbert gives the old adage of the Optimist seeing the glass half full, the Pessimist half empty. The Engineer has another half glass as an emergency backup. So restoring was a minute's effort. It took another half hour to look over the logs to see how it was hacked, and another hour to fix the hole.
