Back Online
Sunday, 19th March 2006
My blog disappeared a while ago, due entirely to some rather annoying hackers. Credit where it's due though, Barclays Bank managed to persuade my internet host to completely shut down my entire site immediately... and neglect to tell me about it!!! First I knew was when I no longer had e-mail. A short phone conversation and my domain name was re-instated minus the offending pages, along with some rather threatening e-mails from the bank which filled in the blanks for me. There is a lesson here: if you want to shut someone's web hosting down fast, pretend to be a bank.

The real lesson for me though is not to use publicly available scripts. I had chosen to use some well known freeware blog software rather than write my own, on the basis that I don't blog that often so why bother writing my own when very competent versions exist in a pre-built state. Unfortunately for me it suffers from some kind of flaw that is being freely exploited by scam artists; it enabled them to upload their own pages with which they perpetrated their scam.

For my part this is the second time I have used 3rd party scripts. Last time it was bulletin board software and that too suffered from an exploit, although that one only enabled people to get admin rights. Easy fix for that was to use a .htaccess file to enforce server level passwords on the admin pages. I had done that for the blog, but it appears the code in its scripts was so badly written people didn't need to hack to the admin pages.

Oh, and shortly after all this happened someone worked out how to use the tell-a-friend script to mass mail people, so that has been taken offline till I can write my own!

So from now on I will be doing what I have always done in the past, writing my own scripts so that I can be confident a 3rd party flaw won't compromise my website again.

It's all very well having open source (or paid available source) as a way of identifying flaws, but the downside is that hackers can find the flaws too, and it also places a responsibility on users to update these scripts regularly. At least with my own closed source scripts any flaws won't be found easily, and I can follow all sensible advice to make them secure. Because they are my own scripts that only I use there is also very little benefit to hacking them. The only reason modern wrongdoers hack stuff is to make money, which requires finding an exploit in something that lots of people use, and that doesn't apply to a script only I use.

The process is devilishly simple for hackers: just google for the script name and version number, and get back hundreds of hackable servers, because just about every script out there likes to advertise itself with some kind of "powered by" text. It's the webmaster equivalent of some of the highly prevalent Windows XP worms which will infect a vulnerable PC in minutes.

So that's my rant over with, and really it is my own stupid fault for using supposedly trustworthy 3rd party scripts. Doesn't matter which one you pick, if it's popular enough it will get compromised regardless of how secure it claims to be.

It's a slightly sad state of affairs but it's the world we are in on the web these days: you either entrust this kind of rigorous maintenance to a company that gets paid to spend its time keeping your scripts up to date and secure, or you use a service like blogger which just provides the tools for you. The DIY approach is becoming increasingly hassle-filled. I think maybe this means that the internet has matured as a community. Certainly it's high stakes and big money for those that wish to use the net for crime.

InsanityIdeas.com designed, maintained and owned by Chris Homewood © and copyright 2001-2008