
Michael Foong

A few months ago I thought I had lost my domain mikefoong.com to hackers, as it was pointing to a porn site. This was discovered by a friend who had just added me on LinkedIn and decided to check out my website. I might have lost some jobs and credibility due to that, I suppose. I immediately removed the website link.

mikefoong.com was pointing to a porn site

I started pulling back my sleeves, dug out my old system administration hat and tried to figure out who had taken over and how I could change or claim back my domain. I was beginning to regret not paying for any domain protection. Come to think of it, I still haven't paid for any.

I guessed it all started when my server was hacked. I paid for a $5/month VPS subscription on Digital Ocean. I installed Node.js and Ghost, the internet's newest server-side engine. Node.js is an interesting piece of technology which processes server-side JavaScript and renders dynamic applications on the web. The web needed a more dynamic engine for web applications to evolve, and since JavaScript has been the language of the dynamic web for a while now, they have made the technology executable on the server side, making dynamic web applications faster and easier to code. This is all good; however, it is not for the average user who is not a coder, or for old hacks like me who don't code anymore. I wonder why I ever stopped. Oh yeah, growing up and not having enough time. This is where Ghost came in.


Node.js, the internet's newest language. Ghost.io, the internet's latest content management wonder.

Ghost.io is a web content management system built entirely on Node.js and modernised to support multiple devices, dynamic screen resizing, orientation and, most importantly, a responsive web that is sensitive to the touch.

So I went back to coding JavaScript and CSS and, using libraries developed for Node.js, I started experimenting with Node.js. I fell in love with coding again. I developed a version of my initial website and was progressing quite well, and then I discovered Ghost. I digressed and checked out Ghost, and lightning struck twice and kinda left me dazed with it. I installed the community version of Ghost, modified the themes and started writing/blogging again.


The problem with middle age and growing old is that you don't have a lot of time to learn or keep learning. Learning takes a whole lot longer, and sometimes it takes longer than each minor or major update to a piece of software, a library or a collection of components. So, lacking the management skills of a seasoned programmer and not having a CVS set up, I lost track of what I needed to do, what components I had used and how they were used, and that led to some security vulnerabilities.

I can't pinpoint exactly where the vulnerabilities are but I can roughly paint a picture of the attack. They (the hackers) tried to:

  • Sequence of events:
    1. Overload my server instances using DDoS
    2. Started to gain access to my vulnerabilities through my ports
    3. Exploited one of the vulnerabilities to get terminal access on my server
    4. Changed and rerouted domain lookups to a porn site through URL redirection

Digital Ocean sent me a couple of warning notices, and the hackers made me look like someone who was using the server with ill intentions. I clarified and tried to fix the issues that Digital Ocean highlighted, but eventually I had to delete the entire server instance, which Digital Ocean calls a Droplet (cool concept, huh?).

The thing about learning, you need to first learn to let go and always be ready to start again.

It is a good thing that Ghost.io started a subscription service. Power to the cloud. For now I will let the experts do the managing. I love WordPress, and before that I used to develop and manage Joomla websites. Ghost is the next evolution of web content management to come up. I really look forward to how the platform will continue to grow and expand.

So here I am, back at writing about stuff that no one really cares about, but true to the nature of the site. It is made to change. It has always been my playground, and this site puts my mind's playground into words.