Servage hacking, Rubenerd blocking update


Perl Perl Perl
I can't say I ever thought I'd be using Perl as a last resort emergency security tool. Sheesh Servage, get your act together.

My first few days back in Singapore have been eventful to say the least. I could have said they were uneventful, but that would have been inaccurate and would also have contradicted what I just wrote. And the last thing I want to do here is look ridiculous. Well, any more ridiculous than I look now walking down from my apartment building to Orchard Road while I type this post on my iPhone.

ASIDE: I used to mock people who spent more time looking at their phones than paying attention to where they were walking; now with this ridiculously useful iPhone I’m guilty of the exact same behaviour. Walking into light poles seems to be my divine punishment for this hypocricy.

Yes back to eventfulness, since coming back here last Saturday morning, I've had my first major problems with online hacking of my sites, to a degree I never thought possible. So far and the associated subdirectories such as this blog have been the victim of 12 code injection attacks as a result of poor security standards on my webhost. I dislike it when people shift the blame onto others, but all my permissions are set perfectly and the attacks are coming from within my host's IP range, so it's a matter of lax internal security due to what I suspect is poorly enforced group permissions.

Bruce Schneier! As Bruce Schneier said in his Secrets and Lies tome which I admit I've read more than three times, internal threats are often more dangerous than external ones, though they often get placed second in priority. I am a huge fan of Bruce Schneier, I even wrote about the Bruce Schneier Facts website back in 2006. Very fun distraction when all this nasty stuff is going on!

For Servage this isn't new; a quick Google search for Servage Hack returns thousands of results. Even Flickr has a couple of screenshots by people showing their sites and even the Servage host site itself being hacked.

Perhaps as a result of this or because Servage has also been caught hosting hundreds of spam and credit card fraud sites, the StarHub ISP here in Singapore has seemed to start blocking all Servage hosted material. As I sit here at Starbucks now in Tanglin Mall it seems SingTel haven't filtered it, but given Singaporean ISP's general low tolerance when it comes to abuse of their systems I worry they may be next.

ASIDE: For those interested in the attacks themselves, it seems shady Servage users have been inserting javascript into the first line of my index.php files and modifying my .htacess files to redirect to other sites. This despite all my permissions being set to allow myself to read and write, but others in the group to only read. I don’t know what else I can do to block these changes.

I’ve written a trivial Perl script to check the modification dates of every file on the server, and if it doesn’t match a list of predetermined values it deletes the hacked/modified file and restores it, then logs the change. This seems to have stopped all the attacks but it really is a clumsy measure. Servage need to get their act together, because it’s not just me this is affecting.

Suffice to say, I am already in the process of moving over all my material to Segment Publishing hosting and Ourmedia instead of using Servage as well. I had kept Segpub for use only for my university blog, but they've proven themselves for their stellar reliability and great service. They do cost more than Servage, but as I've learned from this experience cost shouldn't be the primary consideration. As a student I do have a stretched budget, but if I have to pay a few dollars extra a month for peace of mind, a server running FreeBSD and my own dedicated IP address that I don't have to share with hundreds of other sites — some of which engage in criminal activities — I think it's worth it.

Bruce Schneier!
Segpub Christmas cheer!

What frustrates me is that it's my own home ISP StarHub that has blocked Servage, which means I have to use a proxy to access my own site. I'll be doing some serious cleaning up of my MySQL tables and I'll be exporting them hopefully today or tomorrow.

Interestingly enough, this blog and all the images used within are quite small. Exporting gigabytes worth of Rubenerd Shows recorded since 2005 and re-uploading them to Ourmedia will be a painfully slow process, but I think it will pay for itself pretty quickly.

Will be keeping you up to date, and thank you everyone for your patience. Because of the difficulty I'm having right now accessing this site, if you want to leave comments you may want to just email me instead.

What a great thing to be dealing with over my preciously short Christmas holiday break. Though I guess had this happened during an exam period it would have been much more disastrous to deal with. Bummer though.

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.