Two Chaosbunnies in the desert: Faffing


Fresh from the spectacular triumph that was Susanville, the semi-mythical old mining town on the end of an ancient and long-derelict road that nobody save Apple knows about (and boy, would I love to know how Apple added it to their maps!), we spent the next couple of days in a kind of Ghost Town Limbo. We had entered that period in our adventure I have come to think of as The Faffing.

It is a fact known to anyone familiar with the Great Northwest that the ruins of nineteenth-century boom towns lie in scattered disarray across the countryside like clothing at a drug-fueled Roman orgy. Once you get into the desert of the Great Northwest, it’s difficult to swing a cat without hitting the remains of some old logging or mining building from the 1800s.

That is, in fact, exactly the point of our journey. Other countries, possessed of a less exuberant excess of rolling countryside that nobody much wants, or perhaps gifted with a more pragmatic approach to resource allocation, don’t have long-abandoned towns that just kinda sit around for a century and a half because nobody can be arsed to do anything about them.

And even in places where people do want to do things with the land, there’s just so damn much of it that if there happens to be an old tumbled-down log cabin or a gold processing building of some sort, nine times out of ten it’s easier to work around it than to move it. So it stays there, quietly being Somebody Else’s Problem.

It’s this sort of neglectful attitude toward the dwellings of times gone that drew Bunny to the tour, as her native land of the United Kingdom of Britainlandia is, being on an island, much more conscious of making use of every square meter or hectare or whatever the hell unit of measure they use all the way over there.

So during The Faffing, we saw, and photographed, a great many tumbled-down buildings standing silent testimony to times long gone, though we were rather less successful in finding any real ghost towns. What ghost towns there are are often poorly marked, and the ones that are well-marked, we discovered, seem to be conspicuous in their existential absence when one goes to the appointed spot.

The Faffing was not a time of no productivity, but it certainly didn’t compare to the discovery of what was left of Susanville. Still, we did discover some pretty neat stuff as we wandered about aimlessly in the Adventure Van.

Like this abandoned building and rickety, half-collapsed footbridge over a surprisingly deep and treacherous creek, spotted by Bunny’s eagle eye as we drove down some county road or other.

Or this house, which looks like it ought to feature quite prominently in an episode of Scooby Doo. It was on the outskirts of some quiet little town in Oregon whose name I’ve already forgotten, but man, if I were a kid living in this town, this place would likely haunt my nightmares.

There are tons of old farm buildings lying in ruins all about the Pacific Northwest, some of which look like they might collapse into dust if some poor unsuspecting sod the next county over sneezes too vigorously.

We struck gold with this find, the remnants of an old one-room school building a couple miles outside the semi-but-not-really ghost town of Shaniko, Oregon. Bunny, as per usual, spotted it and said “Hey, pull over!”

The schoolhouse looks a lot less Little House on the Prairie and a lot more “Outtake from an episode of Dexter” these days, which adds, I think, to the ambiance. It’s a cool old building, for sure.

We took a random detour from looking for old ghost towns when we spotted a sign pointing to a lava flow in an ancient forest, because, you know, chaosbunnies. The detour took us a lot farther out of our way than the sign suggested, but after quite a lot of travel, we did indeed eventually come to the ancient lava flow.

Oregon’s terrain has been shaped by catastrophic geology, much of it volcanic. Enormous seas of lava once covered quite large expanses of it, wiping out everything around them and leaving behind terrain that, millennia later, still looks kind of like a lunar landscape.

Where these huge flows of lava encountered forests, the lava encased the trees in solid rock. The trees died and disappeared, leaving these formations as their only remains.

We took quite a few pictures, but as this was only incidental to our real purpose (if indeed chaosbunnies can be said to have a “purpose,” as opposed to a mere intention) we did not linger long, and were soon off.

We found some more ruins, this time just outside yet another town whose name I’ve already forgotten but that seemed to be a regional freight transportation hub, judging by the astonishing number of large trucks that formed an unending stream of traffic through the town.

It really is quite astonishing just how many of these ruins lie about, being ruins. We stopped frequently to take pictures of yet another ancient relic of centuries gone by, sometimes to the consternation of state police who wanted to make sure that we hadn’t abandoned the van and headed off through the countryside with cameras and bunny ears and tea because we were, you know, like, in trouble or anything.

Just what set of unfortunate circumstances might force someone to abandon a van armed only with these three aforementioned things is not entirely clear to your humble scribe. Still, it is gratifying to know that people were looking out for us.

We still had some interesting random discoveries, and a few moments of stark terror, closing inexorably in on us, which I shall detail in later episodes of this chronicle.

I have a small stuffed hedgehog that accompanies me almost everywhere I go. Her name is Lilith. Those of you who saw us on the European book tour likely recognize her. Lilith rode on the Adventure Van’s dashboard during The Faffing, and appeared quite unfazed by the whole experience.

ISIS, WordPress, and insecure Web hosts, oh my!

It is a fact universally acknowledged that running a WordPress site is a dangerous thing to do. WordPress is often attacked by hackers, because so many sites run it and so many people are not good about installing security updates. The hackers will use the commandeered sites for all sorts of nefarious purposes: installing malware, hosting phony bank pages that they then spamvertise in “Update Your Account Now” spam emails, hosting redirectors that lead people to spam or porn or phish pages.

I get a lot of spam emails, and when they lead to phony bank pages I will often check the top level of the site that the phony bank page is hosted on to see what’s going on. As often as not, the phony bank page is living on a WordPress site whose owner chose a bad password or was negligent about updating, and got pwn3d.

So it was that I found a fake PayPal page and, when I checked the home page of the hijacked site it lived on, I saw something odd: the home page had been deleted and replaced with a message reading “HACKED BY DARKSHADOW-TN AND ANONCODERS”.

I didn’t realize I was about to stumble on a massive (and still ongoing) security breach at two large Web hosting companies, Arvixe and Eleven2.

   

Curious, I did a Google search for that phrase (hacked by darkshadow-tn and anoncoders) and found thousands of Web sites that had been hacked and defaced with that message. And I do mean thousands–nearly three thousand in all.

I started working through the Google list, visiting each Web site to see if the defacement was still present. I discovered that there were three basic types of defacement, almost all of them done to WordPress sites.

Some sites had their content removed and replaced with a simple text message.

Some had the content left alone, but the page title changed to read “+ADw-/title+AD4-HACKED BY DARKSHADOW-TN AND ANONCODERS+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4-”. This appears to be a misconfiguration of the automated tools the hackers used to deface the sites; it seems the hackers were trying to insert this in the page’s body.

Some had a defacement message injected into the body of the Web site, usually at the top.
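
The `+ADw-` and `+AD4-` runs in the altered title quoted above are UTF-7 escapes for `<`, `>` and similar characters, so a plain-text search for injected tags will not match them. The following is an added example, not code from the original post: it decodes such runs in a page's `<title>` and flags titles that hide HTML markup. The sample page is constructed around the quoted title string, and the function names are chosen for this illustration.

```python
import re

# Constructed sample page: the altered <title> text is the string quoted in the post.
SAMPLE_PAGE = (
    "<html><head><title>+ADw-/title+AD4-HACKED BY DARKSHADOW-TN AND ANONCODERS"
    "+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4-</title></head>"
    "<body>Original content left alone</body></html>"
)

# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
UTF7_RUN = re.compile(r"\+[A-Za-z0-9+/]+-?")
TITLE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)
MARKUP_CHARS = set("<>\"'=")


def decode_utf7_runs(text):
    """Decode each valid UTF-7 run in text; return (decoded_text, [(run, plain)])."""
    found = []

    def _decode(match):
        run = match.group(0)
        try:
            plain = run.encode("ascii").decode("utf-7")
        except UnicodeDecodeError:
            return run  # not valid UTF-7 (e.g. the "+1" in "1+1"): leave as-is
        found.append((run, plain))
        return plain

    return UTF7_RUN.sub(_decode, text), found


def scan_title(html):
    """Report a <title> whose UTF-7 runs decode to HTML markup characters."""
    m = TITLE.search(html)
    if m is None:
        return None
    decoded, runs = decode_utf7_runs(m.group(1))
    hidden = [plain for _, plain in runs if MARKUP_CHARS & set(plain)]
    return {"raw": m.group(1), "decoded": decoded,
            "hidden_markup": hidden, "suspicious": bool(hidden)}


if __name__ == "__main__":
    report = scan_title(SAMPLE_PAGE)
    print(report["decoded"])
    print("suspicious:", report["suspicious"])
```

Run against saved copies of a site's pages, the decoded title shows the closing `</title>` tag, the defacement text and a hidden `DIV` that the encoded form conceals.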

So, who are Darkshadow and Anoncoders?

Anoncoders is a loosely-organized group of Islamic computer hackers who use automated tools to hack poorly secured Web sites and deface them with anti-Israeli and pro-Muslim messages. They even have a Facebook page and everything.

Darkshadow is a group of pro-ISIS Muslim extremists who, like Anoncoders, often hack sites to deface them with pro-ISIS, anti-Israel, and/or anti-Western messages. They used to have a Facebook page, but it’s gone as of the time of writing this.

So we’ve got a couple of pro-Muslim, anti-Western hacker groups who generally use automated tools to hack low-hanging fruit, such as WordPress and Drupal sites that are running old versions or otherwise poorly secured. So far, so ordinary–dare I say, even boring. These kinds of attacks are a dime a dozen.

I started making a list of hacked sites, checking who the Web host was, then sending emails to the Web host abuse address letting them know they were hosting hacked sites.

That was when things got interesting.

As I went through the results of the Google search, cataloging thousands of hacked sites, I started noticing something weird: all the hacked sites were on only two hosting companies. Roughly half of them were hosted by Arvixe, and the other half were hosted by Eleven2, an outfit that’s a subsidiary of a company called IH Networks.

That raised the possibility that this wasn’t merely an automated, script-kiddie attack against a bunch of low-hanging fruit, but a breach of two hosting companies’ Web control panel software or some other weak link in the hosting companies’ software infrastructure.

I sent off emails to both Web hosts letting them know they had been the subject of a massive breach.

Unsurprisingly, neither of them responded. I say “unsurprisingly” because I have a long history of discovering massive security breaches at large, popular Web hosting companies that go unrepaired for months or even years.

I sent notifications to both of those Web hosting companies about three weeks ago. Upon re-examining the hacked sites today, I discovered, disappointingly, that the security problems have not been fixed and the sites remain compromised.

So I went back and looked at past abuse reports I have filed with those companies. This is my first contact with Eleven2, but I noticed that hacked sites I had alerted Arvixe to as long ago as last September are still compromised.

It seems there is a lesson here: Both Arvixe and Eleven2 have severe ongoing security problems and are more or less completely indifferent to fixing the problem.

If you use either of these Web hosting companies, I would suggest it might be prudent to examine your site carefully for security breaches, and to move to a different Web host as promptly as possible. It’s never a good sign when a Web host ignores reports that their servers have been breached by ISIS-affiliated hackers.