A few months ago I thought I had lost my domain mikefoong.com to hackers, as it was pointing to a porn site. This was discovered by a friend who had just added me on LinkedIn and decided to check out my website. I might have lost some jobs and credibility due to that, I suppose. I immediately removed the website link.
mikefoong.com was pointing to a porn site
I started pulling back my sleeves, dug out my old system administration hat and tried to figure out who had taken over and how I could change or claim back my domain. I was beginning to regret not paying for any domain protection. Come to think of it, I still haven't paid for any.
Node.js, the internet's newest language. Ghost.io, the internet's latest content management wonder.
Ghost.io is a web content management system built entirely on Node.js and modernised to support multiple devices, dynamic screen resizing, orientation and, most importantly, the responsive web, and it is sensitive to touch.
The problem with middle age and growing old is that you don't have a lot of time to learn or keep learning. Learning takes a whole lot longer, and sometimes it takes longer than each minor or major update to a piece of software, a library or a collection of components. So, lacking the management skills of a seasoned programmer and not having a CVS set up, I lost track of what I needed to do, what components I had used and how they were used, and that led to some security vulnerabilities.
I can't pinpoint exactly where the vulnerabilities are, but I can roughly paint a picture of the attack. They (the hackers) tried to, in this sequence of events:
- Overload my server instances using DDoS
- Start gaining access to my vulnerabilities through my ports
- Exploit one of the vulnerabilities to get terminal access on my server
- Change and reroute domain lookups to a porn site through URL redirection
DigitalOcean sent me a couple of warning notices, and I was made by the hackers to look like someone who is using the server for ill intentions. I clarified and tried to fix the issues that DigitalOcean highlighted, but eventually I had to delete the entire server instance, which DigitalOcean calls a Droplet (cool concept, huh?).
The thing about learning is that you need to first learn to let go and always be ready to start again.
It is a good thing that Ghost.io started a subscription service. Power to the cloud. For now I will let the experts do the managing. I love WordPress, and before that I used to develop and manage Joomla websites. Ghost is the next evolution of web content management to come up. I really look forward to how the platform will continue to grow and expand.
So here I am, back at writing about stuff that no one really cares about, but true to the nature of the site. It is made to change. It has always been my playground, and this site puts my mind's playground into words.