JUST GOT HACKED

Zero Piraeus z at etiol.net
Tue Oct 1 19:02:08 EDT 2013



Imagine, if you will, a pub landlord. I'll call him Nick.

The pub Nick manages is a run-of-the-mill affair: he leases it from a
brewery, and they look after most of the technical aspects of the
business. When it comes down to it, Nick is just a reseller of alcohol.
If one of the regulars mentions that they like Joomlager[1], all he has
to do is call the brewery and they'll handle the rest.

After a little while, Nick decides that his six months' experience behind
a bar qualifies him for greater things. He's heard that the cool kids
are all drinking artisanal, micro-brewed Python Ale these days, so
thinking to himself "how hard can it be?", Nick throws syrup, yeast and
water into a big bucket next to the bar (reading up on how to do it
properly is too boring for Nick), and after a week or so, he's got a
sludgy mess for his trouble.

"Great!", thinks Nick. "I can sell this no problem".

Unsurprisingly, Nick's "beer" is awful. His customers aren't that fussy
(they're in Nick's bar, after all), but the stuff doesn't even seem to
get you even slightly merry, and a couple of people have gotten ill
after drinking it.

Undaunted, Nick decides to stick at it. He still can't be bothered to
learn anything about fermentation or any of that boring crap, but that's
okay, because he's discovered the local Python Ale Brewing Club.

The PABC is a friendly, helpful bunch, and a lot of the members really
know their stuff. For example, when Nick asks "how do I avoid letting
that scummy residue into the glass when I dunk it into the bucket to
serve someone?", they try to explain to him that a) serving directly
from the same bucket he brewed in is a bad idea, and b) if he'd brewed
it right, there shouldn't be any scummy residue in the first place.

Of course, Nick doesn't have time for any of that - he just wants an
answer to his question. He resolutely ignores anyone who tells him
things like "anyone could spit (or worse) in that open bucket; you need
to think about safety", and if someone tells him he should add malt to
improve the flavour, he just throws some Ovaltine into the bucket he's
serving from, along with any half-finished drinks left by his customers.

Meanwhile, a lot of the members of the PABC are getting tired of Nick
asking the same questions over and over again, and not listening to the
answers - and especially his casual disregard for the safety of his
customers. They're enthusiasts, after all, and he's the kind of guy that
gives drinking establishments a bad name.

So, one night just before closing time, one of them pours bright green
food dye into Nick's bucket - nothing that would hurt anyone, but
something that Nick couldn't fail to notice before opening up the next
day. It's a little sketchy to adulterate his product like that, but he's
proved impervious to everyone's attempts to get him to take safety
seriously - maybe *this* will shock him into action.

Sure enough, the next morning Nick starts crying about how someone has
poisoned his beer. It's okay though; he's covered the bucket with a wet
towel, and he challenges anyone to get past what he believes is his
now-perfect security.

 - - -

In other words: you weren't "hacked". You'd been repeatedly told that
you had publicly visible source code on the net containing passwords in
plain text; all anyone had to do was log in to your server with the
credentials you negligently exposed, and open a text editor. If that's
hacking, I'm Neo.

That's not to say someone else *hasn't* pissed in your bucket, but if
they have, they won't have publicised the fact.

By the way: if you haven't already, you'll want to remove the extra line
from your .htaccess file. And in case it isn't obvious: no, it wasn't
Mark Lawrence.

 -[]z.

[1] "It's a bit rough, but it gets the job done. Gives you a terrible
hangover, mind".

-- 
Zero Piraeus: flagellum dei
http://etiol.net/pubkey.asc


