Frank Zappa once defined rock journalism as “people who can’t write, interviewing people who can’t talk, for people who can’t read.”
I think there’s a related phenomenon for bloggers who blog about blogging, and so I try to avoid that. Today’s an exception, though if you don’t have a blog of your own you can skip and come back another day. (I’m nearly ready for another post on Ten Steps to Complex Learning, which has taught me that “step” is a very flexible concept.)
Sometime on Sunday, my blog was hacked. And really hacked–more than a dozen of the behind-the-scenes files were altered, with code inserted in them that ended up taking orders from a server in Latvia. (There are over 600 files that make up WordPress–a lot of scenery to hide behind.)
At least on my own computer, that led to random redirects: I’d click a link in Google and jump past the target to some crummy aggregation site, from which I’m sure hacking-through-Latvia folks were getting reimbursement.
I found some other malware on my own computer, though I don’t know if it’s connected to the blog hack or just a depressing coincidence. As a result, I’ve spent the best part of two days doing search-and-destroy (or search-and-feel-befuddled), along with a lot of testing and attempts at cleanup.
This is the dark side of the networked, interlinked world: we take our tools for granted, the way we don’t think about counterweights in elevators or the airframe on our flight to Dallas. And the confluence of complexity with multiple vendors and extreme specialization means that when things go wrong, it’s damned hard to figure out where, let alone how to resolve it.
Like this advice:
The easy way to [protect your MySQL database] is to put the database access passwords in a file with a .inc.php extension (such as config.inc.php), and then place this file in a directory which is above the server’s document root (and thus not accessible to surfers of your site). Then, refer to the file in your PHP code with a require_once command.
I actually understand about 85% of that, which is more than I can usually say for household wiring. Still, it leaves me pessimistic; working with PHP code is like working with that wiring, where I’m thrown as soon as I find three wires rather than just two (and, no, I’m not counting the ground wire).
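The layout that quoted advice describes, as an added example that is not part of the original post or of the source it quotes. The directory names, the DB_* constant names and the credentials are constructed placeholders, and is_inside and load_config are hypothetical helpers.

```php
<?php
// Added example. Builds a throwaway layout under the temp directory so it runs
// with `php example.php`; every path and credential is a constructed placeholder.
$base    = sys_get_temp_dir() . '/site_' . bin2hex(random_bytes(4));
$docRoot = "$base/public_html";   // the directory the web server serves
$private = "$base/private";       // sibling of the document root, never served
mkdir($docRoot, 0755, true);
mkdir($private, 0755, true);

// The credentials file, as it would sit above the document root.
$configSource = <<<'EOT'
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'blog_user');          // placeholder
define('DB_PASSWORD', 'not-a-real-one'); // placeholder
EOT;
file_put_contents("$private/config.inc.php", $configSource);

// Hypothetical helper: true when $file resolves, symlinks included, inside $root.
function is_inside(string $file, string $root): bool
{
    $file = realpath($file);
    $root = realpath($root);
    if ($file === false || $root === false) {
        return false;
    }
    return strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
}

// Hypothetical helper: load the config, refusing a file a browser could request.
function load_config(string $file, string $docRoot): void
{
    if (!is_file($file) || is_inside($file, $docRoot)) {
        throw new RuntimeException("config missing or inside the document root: $file");
    }
    require_once $file;
}

// What a script under public_html does: reach one level above the document root.
load_config("$docRoot/../private/config.inc.php", $docRoot);
echo 'connecting as ', DB_USER, '@', DB_HOST, "\n";

// A copy left inside the document root is refused.
copy("$private/config.inc.php", "$docRoot/config.inc.php");
try {
    load_config("$docRoot/config.inc.php", $docRoot);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```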