Sunday, June 14, 2009

Violated by Rainbows and Fail Whales

I do a lot of web design. It's work I enjoy. In the years I've been doing it, I've never been hacked until this week. That's more than 10 years of pro web-dev without an incident.

On June 11th Google scanned my customer's site and found a script hack on the main page. This appears to have set off an interesting chain of events.

First, my ISP (www.sherweb.com) did not notify me. Now I'm wondering if they're scanning for viruses? I've opened a ticket with them to find out.

Second, the bug was discovered by users - which is annoying and disappointing. Ideally the virus-scan software for the ISP would run daily and notify the web admin of infections that couldn't be healed.

Third, Google flagged the site as a source of "Suspicious Activity."

[Just want to add that I hate IE for not having a built-in spell checker. I accidentally launched that blue-turd by mistake and didn't realize it till just now. Pause as I save a draft and flush that piece of crap from my system's memory.]

OK - so I tried to fix the infected file and finally got that resolved. You can go to the site now without problems! Unless...

Unless you happen to be using the Google Toolbar, that is. In which case you still get a big alert message instead of the actual site. Seems that Google caches their assessment and you have to get them to go back and re-scan your site in order to clear yourself of the SCARLET LETTER OF SHAME. How long will that take? No idea - there isn't any ticket system or estimate provided.

Oh, and it looks at this point like that SCARLET LETTER OF SHAME may feed over into Twitter. It seems like either through the Twitter API or some variant (I had embedded Twitter utilities on the site and a reciprocal link to the customer's site on Twitter) good ol' Twitter has decided that the client was suspicious.

There is a human component in the Twitter "suspend" policy. Probably what happened is that the system flagged "suspicious" and then when the person went to the site they got the Google "THIS SITE HAS EXPLODING HERPES" warning. Good enough for a suspension, no doubt.

I'm guessing here. Twitter and Google are - despite their relatively open APIs - black box organizations. Try finding the "how to challenge my account's suspension" on the Twitter site.

What a laugh.

So I should be mad at the hackers, right? I have a hard time because they probably did a scripted attack at random. It's just really annoying when companies take on the role of Kafkaesque entities when they'd previously been sunshine and unicorn farts.
