Oddness

27 April 2011
After a long hiatus and some prodding from the community (http://www.ashimmy.com/2010/05/calling-all-security-bloggers-come-out-come-out-where-ever-you-are.html) I decided I needed to start blogging again. Unfortunately, when I went to update my site last night I found that calls to the URL returned 404 errors. Perplexed, I logged into my hosting provider and found that the directory that once contained my Drupal site had been replaced by a directory called "drupal_hackable_contact_admin" and the permissions had been changed to make it inaccessible.

I immediately suspected the worst and began sifting through log files and database records, but nothing seemed amiss. Either the attacker was extremely clever or the hosting provider themselves had done something. I found evidence that someone had profiled my site exploiting a Drupal version disclosure issue (ref http://www.madirish.net/?article=214) just prior to the site going offline.

When I filed a support ticket I was told by level 1 support that likely the abuse team had done something. It was late at night so I left it alone, but when I came back to the site the next morning my trouble ticket hadn't been updated. I filed a follow-up and discovered the directory had mysteriously been renamed back to the original. I got escalated to level 2 support, who said that they were surprised abuse hadn't gotten back to me.

I really lament the absence of small ISPs because there was a time when I could host my site at home. Unfortunately, with all the mega-ISPs out there blocking ports and such, it's not really feasible for me to do this any more. It's a shame because I'm more than happy to take charge of the security of my own site and I wouldn't have to worry about stuff like the "abuse" team taking my site offline for inexplicable reasons and failing to even notify me. More to follow as it becomes available...