James Kovacs

altnetpedia Back in Business

Earlier today, an unknown hacker exploited a security vulnerability in ScrewTurn Wiki and replaced the altnetpedia site with pron links. I have restored the site and upgraded to the latest version of ScrewTurn, which is v2.0.30. (We were running v2.0.21 and the vulnerability was fixed in v2.0.24.) My bad for not keeping the site updated with latest. I apologize to the ALT.NET community for not being more vigilant with patches to the wiki software. I've added the ScrewTurn RSS feed to my reader to keep me apprised of future fixes.

To the unknown hacker, I hope that you're satisfied. I had booked the afternoon off to take my two boys (ages 3 and 5) to the Science Centre, but instead spent it undoing your evil.

Published Apr 22 2008, 05:36 PM by james.kovacs

Filed under: Miscellaneous

Comments

Erik said:

Ah man. My condolences on the loss of your free time - I've been there myself. =(

# April 22, 2008 8:20 PM

sergiopereira said:

Phew. For a second I thought all those new wiki entries were some of the more interesting open spaces sessions that I missed.

# April 22, 2008 9:01 PM

Chris said:

just wanted to let you know that there's still some lingering effects of the hack on the sandbox page of the wiki.

# April 22, 2008 9:42 PM

Jimmy Bogard said:

Thanks James!

Although it did round out my knowledge of a few Asian foot fetish sites I missed in my intertubes adventures.

# April 22, 2008 9:47 PM

james.kovacs said:

@All - Thanks for understanding, everyone.

@Chris - Thanks for the heads up. I have unloaded the Sandbox plug-in completely so it won't reload on a site restart. A quick investigation revealed that the Sandbox plug-in allows anonymous users to modify content. Although the content isn't stored on disk, someone has a spambot pointed to the page to add pron links whenever the site restarts.

# April 22, 2008 11:05 PM

Dew Drop - April 23, 2008 | Alvin Ashcraft's Morning Dew said:

Pingback from Dew Drop - April 23, 2008 | Alvin Ashcraft's Morning Dew

# April 23, 2008 8:28 AM

Bryan Reynolds said:

Sorry for your loss. With technology as pervasive and complex as it is in all of our worlds no one can catch and be on top of all things.

The hacker does not care. No guilt, they feel they are doing you a favor.

# April 23, 2008 4:37 PM

Name (required)

Your URL (optional)

Comments (required)

Remember Me?

Enter the numbers above:

Add

About james.kovacs

James Kovacs is an independent architect, developer, trainer, and jack-of-all-trades, specializing in agile development using the .NET Framework. He is passionate about helping developers create flexible software using test-driven development (TDD), unit testing, object-relational mapping, dependency injection, refactoring, continuous integration, and related techniques. He is a founding member of the Plumbers @ Work podcast, which is syndicated by MSDN Canada Community Radio. His article, “Debug Leaky Apps: Identify And Prevent Memory Leaks In Managed Code”, appeared in the January 2007 issue of MSDN Magazine. James is a Microsoft Most Valuable Professional (MVP) - Solutions Architect and card-carrying member of ALT.NET, a group of software professionals continually looking for more effective ways to develop applications. He received his Masters degree from Harvard University.