To my beloved “hacker”

Five minutes ago I received an email saying that I “was owned”… I immediately said to myself that this was impossible… someone doing me the honor of hacking my webpage? It made me feel so special… I wouldn’t worry for a second about my material for three reasons:

  • It’s completely useless to everyone
  • I have backups
  • It’s completely useless to everyone

So immediately I typed krizhere.com in Opera and I was shocked… everything was fine! Oh what a disappointment! But then I realized that the email had been sent from my webgallery so that was probably the one that was hacked… and it was for real:

Warning: main(includes/mg2_functions.php): failed to open stream: No such file or directory in /home/kriz/public_html/photoz/index.php on line 54

Warning: main(includes/mg2_functions.php): failed to open stream: No such file or directory in /home/kriz/public_html/photoz/index.php on line 54

Warning: main(): Failed opening ‘includes/mg2_functions.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/kriz/public_html/photoz/index.php on line 54

Fatal error: Cannot instantiate non-existent class: mg2db in /home/kriz/public_html/photoz/index.php on line 56

I felt so proud!!! But I had to try to fix things… I was in the middle of writing a problem for my quantum final but I gave myself a couple of minutes just to see if I had lost everything or I’d just have to reinstall MiniGal. Obviously index.php was there but it seemed that I was missing a file named mg2_functions.php. I went to restore the file in the includes directory and then it hit me… I WAS SO STUPID!!! Leaving write access to such a directory is like shooting yourself in the foot… which I had just done quite successfully!

I just replaced the file (and changed permissions of course) and all was okay 🙂

Oh well… and I thought it would be a real hacker… maybe next time… until then if you find another directory like that please let me know 🙂

*** EDIT: Apparently there is an exploit in MiniGal that I was unaware of: MiniGal MG2 Image Gallery Name Field HTML Injection Vulnerability. Because of that I’m currently disabling the comments system and I’ll start searching for a different web gallery. Unfortunately most of them need PHP’s safe mode set to on, something that my current host doesn’t provide (for free)…
