This post - our 1,000th since LAVoice.org launched back in the depths of winter '03 - proves that change is the only constant. Just when you think you have the world figured out, something big knocks it off its fine, jeweled bearings and you're staggering around trying to find your feet.
Post 1000 was supposed to be a rousing cheer for the community that's made LAVoice what it is today. I figured I'd invite all our faithful voices and readers downtown for a booze 'n' munchies party in a couple of weeks to celebrate.
I'll get to that in a minute. But first there's the matter of "spykids ownz you" - the black eye that a passel of vandals just laid on this site and everyone who cares about it ...
As near as I can make out, a malicious Brazilian hacker crew - or more likely, their hackbots - destroyed our homepage and shut us down for close to an entire day after three simple homepage-erasing runs a few days earlier.
Thanks to the patient expertise of Orange County security expert Jim McMurry, we sorted it out in pretty short order. We upgraded the server software, reloaded all the databases and content and lit up the site again late this morning. There's no guarantee we won't get hacked in the future, but the ship's tighter now, and we know the drill.
(Update: Jim mentioned that spykids are probably "script kiddies." Google says they're the sort of petty vandals whom true hackers regard as lower than pond scum since they do nothing to advance the "art" of hacking.)
I'm still running around fussing over little piles of debris - the topic icons like "Media" shouldn't have those nasty hover-borders - (dadgum idiot kids, look at this mess) - but the good news is that not a single one of your posts was lost.
Since the site is based in PostNuke, and "spykids" are notorious for defacing sites worldwide, I thought I'd share what we learned:
As near as Jim can make out, they search for PHP-driven sites that are vulnerable - perhaps by bot. Recent reports have them attacking sites running phpBB, others report they got in via awstats - no matter. They're making it their mission to attack PHP platforms that are asking for it.
In our case, LAVoice was running an older version of PostNuke (I've no one to blame but myself for leaving the site vulnerable by not upgrading regularly). The hackers appear to have found an exploit in the Admin section of the site, and ran a SQL injection, changing every single page in my directory with the name index.html, index.php or index.html to display their graffito.
They then set up a script that intercepts any requests to the database for index pages.
In other words, when you (or I) tried to download the home page at http://lavoice.org/index.php the script redirected the request to one of the graffiti pages. About as elegant as a stiletto in the ribs. I'm grateful it wasn't a baseball bat to the head: They had access to my directories, and could have wiped out everything or done worse.
For anyone else running PHP-based sites - Nuke variants, Moveable Type, WordPress - make sure you've upgraded your server apps and keep on top of the security patches. And backup, backup, backup. It's the only reason there's anything left of LAVoice.org today.
Now then: Where were we?
Oh, yeah - a party! Save the night of Sept. 8 - the Thursday after Labor Day.
I'm working to arrange a venue right now with the help of the gracious Celia, and we'll be sure to augment the cash bar setup with some good L.A. grub.
Why celebrate? LAVoice has pulled together a cool, very engaged and savvy community in its brief lifetime. The contributions of our writers (and now artists in L.A. VISION) and readers who post impassioned, sharp and funny comments have made this an online home for Angelenos who want a say in how Los Angeles evolves.
