Oh my, what a long 36 hours I have had. I feel like going to the store and buying a couple 40 ounces, then after swallowing those down perhaps I could smoke a fat blunt. That would be very fitting, unfortunately that would probably even get fucked up somehow.. It all started yesterday when I hit reply to a thread at PAW and BOOM, up pops the Turkish Hack. Well actually it’s not really even a hack, it’s just a redirect. More about that in a second though. Just to get you in the mood to discuss Turkish Hacking, you should play this song, minimize, and continue reading. Apologies for the upcoming foul language in this post in advance too…..

Turkish Hackers Using A Vbulletin Redirect

Okay, now that the mood is proper let’s continue. The first thing that puzzles me about these assholes is that there is really no purpose or point of doing this. Likewise there is no motive, although on their kiddie hacking log it did say “political reason” in Turkish. For fuck sake guys, at least try to extort me for some of this filthy U.S. money. Like I said this is kiddie work, and it wasn’t really a true hack. No help to the fucktards that work in HostGator support (more on that in a bit) I was able to research the actual exploit and find this out on my own.

I believe the redirect was allowed to be inserted into either a thread title or username on new user registration. Normally VB will not allow html to be placed in titles, usernames, or anywhere else on the board by default. However when you have 3rd party plugins or mods installed, these can sometimes be opened up to exploitation. The only plugins I have installed are VBSEO, NoSpam, and VBSociable. So it actually could have been another setting in the admincp. Nonetheless here is the easy fix. Again this is nothing but a simple html redirect being inserted somewhere.

There are two ways to fix this or avoid this. First, make sure that html is disabled in all posts. Then you need to add these words and characters to your “Censored Words List” in the Vbulletin admin panel.

{meta} http-equiv content=”0 content=0 content=<

If the hack is being caused by a plugin of some sort you can also immediately stop the redirect by disabling the Plugin/Hooks globally via the admncp. That is my final conclusion on what happened both this time and last time the forum was hacked. I have disabled a few of the plugins as well as added the proper words to the censored words list. I’ll keep my fingers crossed.

Hostgator Sucks For Large Websites and Dedicated Servers

I have been with hostgator for several years but will be leaving soon. Well as soon as the Lithuanians get PAW off this box (which was supposed to be completed weeks ago)…..that’s whole other rant. Anyways, I have a dedicated server with them that houses around 10 sites at a cost of aprox. $350 a month. I also have a reseller account with them that houses aprox. 30-40 smaller less trafficked sites.

I have never had a single issue with my reseller account. However in less than 12 months, I have had to open over 24 support tickets for my “managed” dedicated server. Let me list the reasons of why you should never ever under any circumstance get a dedicated server with hostgator.

Reason #1 - When I first signed up for the dedicated server, they were more than happy to facilitate the move of PAW from the reseller account. Many of you that have been around for a while may remember the following. When they moved the site, they somehow fucked up the SQL database and lost a months worth of postings. The only backup they had was a month old. Dohhhhh, wouldn’t a competent server admin make a backup of the site before attempting to move critical pieces of it. Apparently not these guys.

Reason #2 - When I signed up for this $350 dedicated server I was told, and it is published on their sales page that Urchin Stats are included. Well guess what, although nobody made it known to me, my server was actually outsourced and to this day is still a server from a company called Layered Technologies! These LT servers don’t come with Urchin like advertised by Hostgator. Likewise when I have support issues where someone actually has to work on the box, it first goes to hostgator, and then to some random tech at Layered Technologies. This is a joke, and I never would have known this had I not asked for Urchin. If I buy a fucking server from Hostagtor, I expect it to be housed at The Planet with every other Hostgator server.

Reason #3 - The people in their support department have no fucking clue what they are doing. All they know how to do is escalate tickets. Then heaven forbid your support ticket gets escalated to Level 3 or critical. Now it’s in the hands of some system admin that is offshore and not even in a hostgator office. Good Luck if he leaves for the day, you’re fucked for 16 hours while you call and they escalate your ticket to some other dipshit. Like I said earlier, if you just need a reseller account or to host small sites, hostgator is adequate. But for a dedicated managed server, forget it.

Reason #4 - Let’s look at this incident. I saw the forums were hacked and immediately opened up a ticket. From the beginning I knew this was going to be a cluster fuck between Chicago, Lithuiania, Australia, Texas, and some hut in Pakistan. So I asked them to just restore the site from the most recent backup. It fell on deaf ears and some server admin started picking apart the SQL database as he was convinced the hack was an SQL Injection that “has done severe damage” to the entire site. So 12 hours later, PAW comes back up without the re-direct……ummmm but wait, there are no forums or content……. I reply to the ticket and when I see the server admin reply I almost have a heart attack. He tells me that there are no backups and the information is damaged.

Rewind 3 months, I have email documentation from Hostgator telling me that my “managed” and dedicated server is backed up every day.  After all the B.S. I have dealt with this was extremely important.  When I reply with the email documentation and a few other choice words, they magically find the daily backup. So they backed it up to yesterday before the hack. As you may have seen this morning the forums were still a mess. After fucking everything up for almost 24 hours and screwing with SQL databases that didn’t need to be messed with, Hostgator replies and says I will need to rebuild it from here and that the hack did quite a bit of damage.

Hey Dipshits, Isn’t the backup from before the hack? Regardless, my man Bobi from TopQ saved the day as always and got the right files where they needed to be. Bottom line is that Hostgator has been nothing but a disappointment from day 1 with my dedicated server.

Speeding Ticket

So finally today when everything seems to be under control with PAW, I go to the bank to see if a large affiliate payment that is owed to me was received. Imagine that……No Money!. That’s about par for course………….but wait it gets better. On the way home a pleasant Illinois State Trooper pulled me over and wrote me a ticket for 12 mph over the limit. I’m so thankful he slowed me down before I lost control and caused chaos on the expressway. Although I was going with the flow of traffic, I am convinced I was pulled over because I am white, drive a Lexus, and was drinking Starbucks. These kind of racial profiling excuses work for everyone else in the U.S….. why not me?

This entry was posted on Thursday, September 13th, 2007 at 3:52 pm and is filed under Personal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.