Never Access Your Site with a Strange Computer in Another Country

by W.F. Price on April 19, 2012

Looks like accessing my admin panel from abroad was a big mistake, and the site got hacked. I’m going to have to deal with this immediately. A major pain in the rear, but life goes on. My host will help clean it up and I’ll be more careful in the future; however, I may have to avoid the admin panel for some time, so comments will likely be an issue.

Red0660 April 19, 2012 at 19:14

When people try to see my blog they now get this warning about the-spearhead: http://dl.dropbox.com/u/19153289/censorship.jpg

This is not good. The-Spearhead is linked widely on MRA sites. The MRM really is taking a hit from this. F******K. No worries brother, let’s get this figured out.

Like or Dislike: Thumb up 6 Thumb down 0
David F. April 19, 2012 at 19:19

Sorry about that, and thanks for the advice.

In the future, you could set up an SSL (https://) port that would allow you to securely enter passwords without danger of interception. A VPN would be another possibility.

Snagging passwords from unsecured transmissions can be a risk anywhere, so I think it would be a good idea to have a hardened admin access system no matter from where you plan to log in.

Like or Dislike: Thumb up 8 Thumb down 0
Red0660 April 19, 2012 at 19:20

I wonder how long this warning will be sent to the public when they enter MRM sites…this is not good! Anybody know if the warning goes away? I took down my spearhead link for the time being to keep MRM traffic flowing. I WANT TO PUT IT BACK AS SOON AS POSSIBLE.

Like or Dislike: Thumb up 4 Thumb down 0
Anon April 23, 2012 at 19:25

Good cautionary tale for the rest of us who own small sites. I have to be more careful, even when going to coffee shops in the US.

Like or Dislike: Thumb up 3 Thumb down 0
YB April 23, 2012 at 19:40

SSL will not stop key loggers on infected computers.

Only access anything you care about from a computer that you trust.

Like or Dislike: Thumb up 7 Thumb down 0
varslandeman April 23, 2012 at 23:06

“My host will help clean it up …”

Comments about dogs and edible homework notwithstanding, I think it would be of interest to describe more of the details of the attack as well as the recovery. The site could likely be infested with planted objects that neither you nor your hosting provider have yet to find.

One risk that you haven’t described is disclosure risk. Your server logs likely have access information that can be used to identify specific persons and organisations. Some of that data may not be very accurate, since it may reflect the use of privacy-enhancing networks, but much of it may be of use to someone with an interest. Some of these persons and organisations might not welcome much in the way of attention.

To put a more personal point on it: if you were actively going through a merde-slogging fest involving solicitors with some harridan you’d made the mistake of marrying, would you like it to be known that you frequent MRA sites if that has any chance of depriving you of what you Americans refer to as life, liberty, and the pursuit of happiness (which are not necessarily in sequence)?

Your security problems, therefore, also affect many of your readers.

I’ll parallel YB’s statement: only access anything you trust from a computer you care about. For everything else, use a privacy-enhancing network, such as a VPN, and give serious consideration to using a semi-disposable computer. (A sub-£150 highly used-and-abused dispos-a-laptop with open-source software would fit this bill.)

Now that the disclosure risk has been made a real risk, it’s in the interest of readers with some of these concerns to rely on a greater level of privacy when reading The Spearhead. Past associations may be made, but they may be deniable; I’m quite fond of running medium-bandwidth Tor servers on networks where I have a mix of disclosure levels I’m forced to tolerate.

Aside from that, I highly recommend a conventional laptop disk for your dispos-a-laptop, especially one that can be removed in moments. Conventional laptop disks, as in those that aren’t solid-state drives, are made with a durable yet breakable glass substrate. A few moments with a hammer or a chair leg generally prevent a lifetime of worry about certain types of disclosure risks. You may choose to use this analogy when considering access log retention policy changes.

The final point: this might be a collapse in confidence where you don’t necessarily get to choose how to claw your way back. Red0660 has made this point abundantly clear already …

Like or Dislike: Thumb up 3 Thumb down 2
Hf April 23, 2012 at 23:25

Welcome back

Like or Dislike: Thumb up 0 Thumb down 0
Traveller April 24, 2012 at 00:04

Welcome back.

Well, next time I suggest you do not write “quick recovery” as a waiting message, otherwise after some time we start to worry. :-)

I too get a warning message from Google in their search results when I search this site name. The first thought is they tried to isolate these sites, men’s rights and alternative news. Let’s see if they change that.

Like or Dislike: Thumb up 2 Thumb down 0
AfOR April 24, 2012 at 01:47

In the spirit of CONSTRUCTIVE criticism.

1/ it sounds like you have sussed out what you did wrong and won’t do it again…. a cheapo netbook running win7 with bitlocker enabled is secure enough and portable.

2/ don’t put messages about a quick recovery, and leave them up for three days.

3/ you are getting big enough to consider some failover / round robin alternates

Like or Dislike: Thumb up 1 Thumb down 0
W.F. Price April 24, 2012 at 02:04

Thanks AfOR

It was a stupid mistake. Fortunately not a fatal one.

As for quick recovery, the weekend complicated things a bit for me (as did the fact that I’m not at home). Given the circumstances, it was taken care of fairly rapidly.

Avenger April 24, 2012 at 04:16

varslandeman writes –
“To put a more personal point on it: if you were actively going through a merde-slogging fest involving solicitors with some harridan you’d made the mistake of marrying, would you like it to be known that you frequent MRA sites ……”

And how would the lawyer or wife discover that?

“For everything else, use a privacy-enhancing network, such as a VPN, and give serious consideration to using a semi-disposable computer. (A sub-£150 highly used-and-abused dispos-a-laptop with open-source software would fit this bill.)”

First of all, no one is going to go to the trouble of wasting a lot of money to see what sites you go to. They’ll never get a subpoena unless it involved some real crime and even then the gov’t experts would have to sort a lot of things out which I don’t want to bother to explain here. And why would you need a disposable laptop? Just remove the hard drive, I can do that in 1 minute.

“it’s in the interest of readers with some of these concerns to rely on a greater level of privacy when reading The Spearhead. Past associations may be made, but they may be deniable”

I see no reason to be worried about this.

“Conventional laptop disks, as in those that aren’t solid-state drives, are made with a durable yet breakable glass substrate. A few moments with a hammer or a chair leg generally prevent a lifetime of worry about certain types of disclosure risks.”

You’re really worried about things that fall into the criminal activity area not just surfing the net. Keep an extra hard drive for the computer’s OS and any applications and have another in the PC that you can remove quickly. Wipe it first at DOD level wiping then remove it.

@David “In the future, you could set up an SSL (https://) port that would allow you to securely enter passwords without danger of interception.”

Not much chance of that but what about the place where you enter the password, like a web hosting site. I’m sure that the workers there, usually mangina nerds, can figure out your password or even already know it. Most of these “hackers” are not really hacking anything and get info from one of their nerd friends working at a place.

@Anon “I have to be more careful, even when going to coffee shops in the US.” If you’re afraid of some little nerd pulling info out of the air between your laptop and the cafe’s server then do what you do at home with your wireless, encrypt it. Just use something like Norton or Avast that protects for this.

If you’re worried about someone recovering deleted data from your pc then make sure you wipe it and overwrite it because Windows just marks it as free space until it is overwritten (which may be never) and it can be recovered fairly easily.

Like or Dislike: Thumb up 4 Thumb down 3
crypter27 April 24, 2012 at 08:38

I wonder what happened to you, until I heard on A Voice for Men that something was wrong.

Like or Dislike: Thumb up 0 Thumb down 0
bob April 24, 2012 at 20:20

So, the PCs available for use in public areas range from relatively secure to totally infested with multiple malware. Either way, I would trust none of them for personal business. (I’ve been in the “business center” of one hotel where there was no evident security or virus protection of any sort.) Keyloggers should be expected in such machines.

I bought a $250 HP6910 laptop at Microcenter – a little old but perfectly useful.

I installed Lubuntu on it (Lightweight Ubuntu or LXDE Ubuntu) and used the installation option that encrypts my home directory/partition, so if the laptop is lost/stolen, nothing can be gotten off of it without a lot of effort. That is my travelling machine.

Like or Dislike: Thumb up 1 Thumb down 0
Thos April 24, 2012 at 20:38

It’s not ‘another country’ that was the security issue, it was likely an unsecured browser, compromised computer and a network you’re not in charge of or some combination thereof.

Don’t trust someone else’s computer or network.

Like or Dislike: Thumb up 0 Thumb down 0
Art Vandelay April 25, 2012 at 15:04

1/ it sounds like you have sussed out what you did wrong and won’t do it again…. a cheapo netbook running win7 with bitlocker enabled is secure enough and portable.

Doesn’t help you in an untrusted network, especially when you are accessing data through a plain text HTTP connection. There is no SSL on this site…

Like or Dislike: Thumb up 0 Thumb down 0
