(It’s the only way to be sure.) Hello again — So the problem around here has been some kind of malware injecting tiny iframes that link to suspect sites when people visited through Google. This is a relatively common hack, but I’ve been having serious trouble figuring out the vector. (It didn’t help that my soon-to-be-ex-host is AWOL, the Movable Type forums are a dead zone, and that I’m very much of the n00b persuasion when it comes to coding and server-side issues, although I’m considerably savvier now than I was this time last week.)
Anyway, after rolling back everything and reinstalling MT (twice), a lucky scan using this White Fir tool uncovered this nasty bit of work lurking in my mt.js file:
(I say lucky, but I have a suspicion this code is only visible on the first scan from a given source. The reason I started suspecting mt.js is because it was considered an additional link on the first Sucuri Sitecheck scan I did…but only that first scan, not on subsequent ones.)
Anyway, even with my changing that first “write” above, this code still looks scrambled to all hell. But, whatever it does, unlike Mr. Pibb and Red Vines, it’s also clearly crazy malicious, and thus has been swiftly airlocked.
To be honest, I’m still not sure what the original vector of infection was — I’m hoping it was some sort of cross-scripting vulnerability of an earlier version of MT. But I also feel like I deleted this mt.js file and rebuilt it from scratch using an all-new MT 5.14 default template a few days ago, and the problem was still extant. (I’ve also scoured my MySQL database for tricksy scripts like “eval,” “unescape,” “basecode64” etc. Nothing there.)
So, at the moment, Google’s given GitM a clean bill of health again. Let’s hope it holds. In the meantime, everything I said in the last post stands — I’ll need to find a new host for GitM at some point. But, for now, I’m trying to knock out these last few chapters, so I’d best get back to it. Hope everyone out there is well.
P.S. I’m aware comments have been acting funky as well and that the comment box comes and goes. Apologies if you are a real human being who has tried to leave one in recent days. I think it’s fixed now — the comment spam seems to be getting through, in any event.
Actually, no, not yet. But I wanted to quickly explain the reason for the retro-look around here, and since tonight is also the movie event of the summer, it seemed like a good time for a brief update regardless. (All apologies to The Avengers, of course. If it’s any consolation to Whedon’s fine film, the “movie event of the year” will be The Hobbit in December. And at least you were great fun and not a half-assed disappointment like Prometheus.)
Anyway, life continues much as it has this past age. I work, Berk — fully recovered, minus one toe — barks at things. We’re leading a pretty solitary existence these days — hello, 2007 again — and it has its depressing moments, to be sure. But we’re getting by.
The good news is, and the reason why I won’t be returning to GitM for now, is that I’ve spent pretty much all my free time these past few months cracking out my long-neglected dissertation. At this point, I’ve got ten chapters and 800 pages written, which, I’ve been informed, is more than enough to defend for the degree. (I defend this fall.) But since I’ve finally come this far, I want to push through until I complete the project in its intended scope — which means four more chapters and, assuming a productive August recess, probably at least two-to-three more months of working evenings and weekends to go. When that’s finally done, I’ll be more inclined to reconnect with the world at large and take up the Ghost once more.
(And, yes, I know that nobody wants to read 800+ pages on progressives in the Twenties, or for that matter, 800+ pages on anything. I also know that all the time I’ve spent on this would probably have been better served just writing bondage-y Twilight fan fiction. Oh well.)
The bad news is, along with a gunfight breaking out above my head last weekend, the forces of entropy have conspired to infect the old blog here with some sort of google-hit-stealing malware. This has made the Google wrathful, and it has banished this poor, lowly Ghost to the unclicked shadowlands with the other leprous websites. It’s my fault — MT was way out-of-date. I was going to have it updated this past winter, along with a general overhaul of the look of the site. But the old blog-“friend” I hired to do the job took my money and then disappeared with it. (That turned out to be the opening salvo of the frozen-run-of-luck that precipitated this whole “interregnum of despair” around here.)
Anyway, in order to root out the infection, I’ve upgraded to MT 5, rolled back to the default templates, and rebuilt the site — hopefully this finally does the trick and Google takes us back. If it does, and when I have the time, I’ll work on gradually fixing up the look of the Ghost again. (That is, presuming I learn to master all the intricacies of the non-coder-unfriendly new Movable Type. (Zemanta? What the?)) Until then, thanks for the patience and understanding, have fun in Gotham this weekend, and thanks, as always, for stopping by.
Update: Still on the wrong side of Google, and running out of ideas at this point. And my host — the once reliable Cornerhost — appears to have fallen off the Earth. So I guess, first things first, I’ll have to move everything to a more reliable host. If anyone has any keen infection-fighting ideas, please do pass them along. Otherwise, I’ll see ya when I have time to sort all this out.