Aargh.
The problem wasn't in Movable Type at all; it was in phpBB, as in the old mu.nu forums. A combination of a hole in phpBB, the design of Movable Type, and an oversight on my part allowed the hackers to deface your pages.
I've shut down the mu.nu forums. Completely. I've had too many problems with phpBB 2, and version 3 still isn't out. phpBB can be kept reasonably secure if you attend to it regularly, but I have too many things to look after to worry about something with as bad a history as this.
The hackers managed to run some other scripts as well as the one that defaced your blogs. They never had administrator access, but it's possible they made a mess in some places I haven't found yet, so I get to spend the next day or three crawling all over the system and zapping anything that looks suspicious. This *has* to be done before we can move to the new server, so I might have to put that off for another week.
Fortunately, none of this affects Minx, which is on completely separate dedicated servers, and isn't affected by the same sort of security loophole. (Which is not to claim that it's immune to attack, but it's immune to that attack.)
Sigh.
At least now I know what it was, and I can close the door on it. Apologies to everyone affected, particularly George Roper, who ended up (not that this was my intention) almost acting as bait so that the attackers would come back and I could catch them in the act.
Okay I deleted over 50 entries that were done today with a bracket in them. That seems to have taken care of the broken comments for now. But I wonder who "Key 121" might be... that's all it said to identify the lister.
This time it was AlexC (ID: 305) at 2007/09/25 19:17:49 who blacklisted "cbcdrhmm.com]vakoacvw[" and broke the comments. Sigh. Anyone know who it is so I can email 'em?
Okay, a little update on the topics of the day:
I have a workaround for the cookie problem that was stopping the Minx-for-munu rollout, and I've also sent a question to the developers of CherryPy (the web framework Minx is built on). The rollout will begin tomorrow; I'll get through the waiting list as fast as I can. Each blog will be copied to yourblog.new.mu.nu, and then I'll email you so that you can check it out. If you're happy, I'll switch it over so that it takes the place of your old MT blog directly.
I've also been working to secure MT and stop the defacement attacks. I'm not sure if this has worked, but I have also implemented a new logging system in MT itself. So if we are attacked again, it should tell me how the attack is happening and who is doing it, and I will be able to put a stop to it.
I made a couple of booboos while I was doing this, and MT was down for a while. Sorry about that. :(
Again, if you see anything strange going on, please email me at andrew -at- pixymisa -dot- net, and I'll jump right on it.
Update: Sorry about the slowwwwwness... I was preparing for the move to the new server, and it was doing bad things to the old servers. I've changed tactics and I'm going to do a cleanup on the old servers first, and then copy everything across. The CPanel copy process is incredibly inefficient and causes huge problems to the server I'm copying from; unfortunately I don't have much choice but to use it. I have found that one option they added in the latest version of CPanel actually makes things worse, so I'll make sure that's turned off for the next pass.
Update: For example, I'm archiving and then deleting over 20GB of statistics from the web stats program Analog. I hate Analog.
Just to let everyone know that I was hacked last night (The Story Here) and sent an URGENT Help e-mail to Pixy.
Not only did Pixy respond almost immediately, he fixed the problem, helped another munuvian who was hacked the same way, but followed up and helped change passwords etc to make sure nothing was screwed up.
So, I just want to say: "THANK YOU PIXY, YOU ARE ONE HELL OF A GUY!!!"
The comment script has been renamed (once more). This gives us a brief respite from spam, and should last us until we're on the new server.
What this means is that comments on all your old posts are effectively closed (since they link to the old script) and comments on your recent posts won't work until you update your blog (post a new entry or edit a recent entry) or do a rebuild.
I'm going to see if I can do a quick rebuild of people's front pages to help work around that.
Update: The rebuild appears to be working. If you still have comment problems on your blog, first try updating a post (just edit the post and save it), and if that doesn't fix it, let me know and I'll get it sorted out for you.
Apparantly, someone in the middle east doesn't like fake UFO pictures or YouTube videos because Blather Review has been hacked! HALP!!!
Hi everyone.
Good news first: Minx is open for migration, as of right now. :D
If you don't mind a fairly standard Minx layout - see my site, mee.nu itself, AZ Resident, Brickmuppet for some samples - I can get you up and running very quickly.
Also, it's easier if you don't use CPanel or your mu.nu email address; it will be another few days before I have CPanel and Minx playing nicely together. If you don't mind losing CPanel just for a few days I can move you right away and enable CPanel later.
If you'd like me to do all the work and just hand you the keys to a shiny new Minx version of your blog, all you have to do is post here or email me at andrew -at- pixymisa -dot- net. Posting in Minx is very much like MT, except there's a fancy WYSIWYG editor, so you can get going in your new blog very easily.
There are twenty standard themes you can choose from: Blue, Green, Grey, Orange and White just have colour gradients for the banner (see Brickmuppet for an example); Beans, Bug, Butterfly, Cheese, Chips, Clover, Fire, Gargoyle, Green Tomatoes, Ireland, Mountains, Rosebud, Saltnpepper, Sunrise and Sunset have nice photos (see AZ Resident for an example of the Fire theme). (I'll post examples of all the themes shortly.)
You can switch between 1, 2 and 3-column layouts at the flick of, well, a switch, so no problems on that score.
I'll also be available to help converting existing layouts and stylesheets and banners and so on.
If you'd like to do the work yourself you can export from MT and import into Minx. Again, just comment or email me and I'll set you up for that.
Oh yes, one other thing: I need to get the number of page impressions and ad views up for mee.nu and mu.nu to attract advertisting (and hence, money!) If you're willing to have a small banner add on your site (see my site), let me know. I'm more than happy to split the revenue with you, or if you're not interested in that (for smaller bloggers it might only be a few dollars here and there), we can pool the money and donate it to a charity. (I'm thinking the American Red Cross or Doctors Without Borders, but I'm open to suggestions.)
And now for the crap news: We have a hacker defacing mu.nu blogs. Several blogs have been hit already. I've restored them all, but it's possible that more attacks will occur. If you see anything untowards, please let me know right away.
Just another reason to move to Minx, I guess. :|
Another server meltdown - the other server, this time. :(
Migration to shiny new non-melty server is still on track for this Sunday. :)
Update: Aargh. A series of minor glitches combined to throw out my schedule. Move postponed until Sunday 23rd.
Can anyone help me with the old three-column set-up? I've read the stuff linked here, but I'm woefully uncertain of my ability to implement it.
I'm sort of at the limit of HTML/CSS/etc abilities when I figured out how to change the colors on the site and put a pair of flags in the banner, so yeah, not capable of figuring it out myself.
Sorry about that outage. The server melted. Probably spammers again, but hard to tell, what with the server being all melty. :(
We will be moving to a new, less melty server next Sunday! There will be a couple of hours of confusi-time, where posts and comments might be saved but not show up immediately, that sort of thing. But since we are staying at the same hosting company, just moving to a larger box, the process will be a lot quicker and easier than previously.
I'll post more details later today.
Also later today: Minx. :)
Mark did it again! He blacklisted bqkpwypi.com]gptzbwbc[ and the open brackets screwed up the blacklist.
Please...someone find Mark and take him behind the shed!
Have received a few emails from people trying to comment and getting this:
An error occurred:
Invalid [] range "d--" in regex; marked by <-- HERE in m/-4-you.info|-com.com|-mobile-phones.org|-site.info|.+diamond.+os.com|.+shemale.com|.a-scuba-school.com|.bg.de|.biz|.blackjack-21.ws|.blackjack-p.com|.blackjack-strategy.ws|.casino-games.co.il|.casino-online-i.com|.casino-royale.ws|.cheapativan.com|.chuanqisf.cn|.cn|.cut-jobs.info|.debt-help-bill-consolidation-elimination.com/|.diabetic-care-supplies.com|.gambling-casinos-trx.com|.hbsnwa.org|.imxafterclub.com|.jobsearchlegal.com|.juegos-de-casinos-es
. at extlib/jayallen/Blacklist.pm line 3098.
Thing is, they are legitimate commenters with legitimate comments that don't refer to any of those things.
I got it myself when I tried to post a test comment, and I know that I'm a non-offender.
Blacklist problem?
Server problem?
Did someone add in open brackets to the MT Blacklist? I'm getting weird messages whenever I try to comment on any MuNu blog. Message fragment:
An error occurred:Invalid [] range "d--" in regex;
I know that spammers love the word "free" but since I blog about things like "freedom" could we please take the word "free" out of the thingie that makes the comments go boom?
Please?
