Linux guides. mIRC tutorials. BitchX configuration. Everything I've learned, documented. Step by step. What to type. What to expect.
Animated GIFs everywhere. Spinning @ symbol. Flame dividers. Black background. Green text. Visitor counter. Guestbook for comments.
Within hours, the counter hits triple digits.
I get a PM on goodmonin2ya.
[RandomGuy] hey i found your site. helped me get mirc working
[SKa] nice man
[RandomGuy] can i hang around?
[SKa] yeah welcome
Someone found the guides I wrote and the server we built. And now they're part of it.
The server population grows. 60 regulars. Peaks hitting 90.
---
A week after launch, SteeZ pings me.
[SteeZ] yo you seeing much web hacking?
[SKa] not really. why
[SteeZ] defaced a couple sites last week. wanna see how?
[SKa] yeah definitely
He walks me through it. Shows me how to check a site's directories. How some admins leave folders wide open so their upload scripts work.
[SteeZ] its like leaving your front door unlocked
[SteeZ] you did it so the pizza guy could get in
[SteeZ] but anyone can walk through
[SKa] and just upload whatever?
[SteeZ] if they find the form. yeah
He shows me a university site. Uploads a file through their contact form. Browses directly to it.
[SteeZ] boom. i can run code on their server now
[SteeZ] could change their homepage. read their files. whatever
My hands stop moving on the keyboard.
The guestbook.
My uploads folder. I opened the permissions completely so the Perl script could write to it.
Anyone can write to it.
[SKa] brb
I pull up my web server logs. Start scanning.
Just normal traffic. People reading guides. Posting to the guestbook. Nothing weird.
Okay. Nobody's found it yet.
[SteeZ] you there?
[SKa] yeah sorry
[SteeZ] anyway. easy to fix. just lock down the directories
[SteeZ] but most people never check
I should fix it right now. I know exactly what to do. Thirty seconds of work.
[SpaceGoat] ska you there?
[SpaceGoat] someone's probing our server. need you
But SpaceGoat needs help. And nobody's attacked my site yet. The logs are clean.
[SKa] on my way
I'll fix it tonight. After I help SpaceGoat. Before anyone finds it.
---
Two hours later, #hip-hop is secured. I'm back at my desk.
Someone's asking about server hosting in #linux. I type up an explanation.
The guestbook page is still open in my browser. I refresh it while answering questions.
*"Great IRC tutorials! Finally understand how bots work."*
*"Your Slackware guide saved me. Was about to give up."*
*"Connected to your server. Good people there."*
People are actually reading this. Actually using it.
Normal stuff.
Wait.
New entry. Posted six minutes ago.
*"nice site"*
That's... fine. People say that.
But something feels wrong about it.
I refresh again.
Another new entry. Posted two minutes ago.
*"uploads folder is interesting"*
Wtf?
I switch to the terminal. Pull up the server logs.
Someone's been checking my directories. Just now.
They found the uploads folder.
They're still here. Right now.
[cypher] ska you around?
[cypher] got a shell question
My fingers hover over the keyboard. I should tell cypher I'm busy. I should fix the folder. Right now.
[SKa] yeah shoot
What am I doing?
Help support creative writers by finding and reading their stories on the original site.
I split my screen. cypher's question on one side. Server logs on the other.
He's asking about permissions. The irony isn't lost on me.
[SKa] you want 755 for most things
[SKa] only use 777 if the script needs to write to it
Do what I say, not what I do.
The logs scroll. The attacker posted to the guestbook again.
I refresh the page.
*"test.txt"*
Not a comment. A filename.
They're trying to upload a file through the guestbook form.
I check the uploads folder through SSH.
Nothing there. The upload didn't work.
Okay. They tried and failed. Maybe they'll give up.
[cypher] thanks man
[cypher] that fixed it
[SKa] np
I stare at the terminal window. The fix is right there. I know the command. I know what it does. I taught someone else how to do it thirty seconds ago.
But if I take the site down to fix it, someone might ask why. And then I'd have to admit I left it vulnerable. That my security guide was written by someone who doesn't follow security basics.
The guy wrote a Linux installation guide but left his own website wide open. What a fraud.
The site's working. The server's growing. 200 people visited today. The vulnerability is still theoretical.
Nobody's successfully exploited it.
I'll fix it before bed.
---
11 PM. I'm helping a user debug a bot script on our server. SpaceGoat's messaging about typosquatters. Someone registered a domain that looks like ours, running ads, making money off work I gave away for free.
I spend an hour documenting everything and drafting a complaint.
---
2 AM. The complaint is filed. I'm about to shut down for the night when I remember.
The vulnerability.
I pull up the guestbook one last time.
Scroll to the bottom.
New entry. Posted forty minutes ago.
*"you should really fix that uploads folder"*
My butthole clenches.
New entry. Posted twenty minutes ago.
*"checked your security guide btw"*
Oh no.
New entry. Posted six minutes ago.
*"you teach people to use 755"*
No no no.
Latest entry. Posted three minutes ago.
*"but you used 777"*
I'm scrambling for the terminal. Fingers slipping on the keys. Typing the wrong commands.
*"guess you dont follow your own advice"*
I pull up the server logs.
They've been testing all night. Different approaches. Different filenames. Learning the system.
Wait.
I switch back to the guestbook.
New entry. Posted one minute ago.
*"fixed it for you"*
What?
I check the uploads folder.
The security settings changed. They're locked down now.
They... fixed it?
Wait.
New file in the folder. Created thirty-seven minutes ago.
`fixme.php`
They got in.
They uploaded a script. They had full access to everything. Could have deleted the site. Stolen the user database. Posted a message as me telling everyone I'm a fraud.
Instead they fixed the problem and left a note:
`// everyone starts somewhere. just lock your doors next time.`
The guestbook. Those messages are public.
I start deleting. Fingers slipping on the keys.
*"you teach people to use 755 but you used 777"*
Delete.
*"guess you dont follow your own advice"*
Delete.
How many people saw these?
Refresh. Clean. Just normal comments now.
But the evidence is everywhere. Server logs. Command history.
My security guide has been downloaded 1,200 times. People are using it. Trusting it.
I shut off my monitor.
Tomorrow I'll check if anyone saved those messages. If everyone knows.
Tonight I just need to stop seeing those words.
*"guess you dont follow your own advice"*