Save me from utterly clueless “techs” who make you sit there for twenty minutes while they “check the problem”, then return to tell you that “add-content-block.net is working fine.” WELL FOR CHRIST’S SAKE, I KNOW THAT MUCH! WHY, EXACTLY, DO YOU THINK I CONTACTED YOU IN THE FIRST PLACE?
P’s message board got hacked; he didn’t notice it until D.H. and D.C. were both blocked from accessing it, both using NAV. No other AV reports any problem. I looked, and discovered that while his domain was allowed to run scripts, NoScript was blocking another…add-content-block.net. That shouldn’t have been happening; that domain has nothing to do with us. He called IX and the tech (hah!) told him that a couple of his directories had permissions set to 777 (and I dimly recall having told him, “Are you insane?” when he was trying to get something-or-other to work). Okay…his own fault for having a “Fuck security–whatever it takes to make it work” Windows user mentality. I’d done some research, trying to help him figure out what’s going on, and why, and apparently, this is some sort of script that can be put on WordPress, phpBB, Joomla, osCommerce and maybe others; it exploits a security hole in IE (gasping in shock), and attempts to redirect the user to a phishing site. P and I both tried it, using different AV software, but couldn’t get a hit; I think now it was because we both use FF. Anyway, it’s apparently very hard to remove, and even after it is removed, it comes back. If he could get switched to IX’s new servers that run PHP as CGI, and therefore don’t need 777 permissions to give applications access, then it would stay clean. IX is (predictably) denying that it’s anything but a user problem. Anyway, I logged in here last night to bitch about something, and lo and behold, once I logged in, I noticed that NoScript was reporting a blocked script. The only domain that should be running scripts here is my own, which I whitelisted, so I checked. Sure enough, there’s good old add-content-block.net, trying to run its hostile script. Since it does not run when reading the main page, only to write, and I disabled comments, which protects my huge readership (hi to both of you!), and the script works only in a browser I don’t use, on an operating system I don’t use, it’s no big deal, but it kind of bugs me that it’s there, so I thought, “Oh, what the hell–nothing better to do this morning,” and I contacted a “tech” on IX’s Live Chat. I somehow don’t think good old Oleg (Jesus, where do they come up with these names?) was paying any attention at all. I emailed myself a transcript:
info: Please wait for a site operator to respond.
info: You are now chatting with ‘Oleg Kovalenko ‘
Oleg Kovalenko : Welcome, my name is Oleg, please let me know how can I help you today?
Oleg Kovalenko : We have not heard from you. Do you wish to continue the chat?
you: I use Firefox with an add-on called NoScript that blocks scripts by default unless I specifically allow them. When I log into my blog to write a post, I notice that scripts are “partially allowed”. Bettatude.com is allowed, because I whitelisted it, but another from add-content-block.net is being blocked. I have nothing to do with add-content-block.net, and there is no reason a script from that should be trying to run on my page.
Oleg Kovalenko : Could you please provide the domain name?
you: bettatude.com
Oleg Kovalenko : Please hold on, let me check
Oleg Kovalenko : I’m still checking your issue, please stay on hold.
you: I’m not going anywhere. 🙂
Oleg Kovalenko : Ok, thanks.
Oleg Kovalenko : As I see add-content-block.net works fine.
Oleg Kovalenko : Could you clarify your problem.
you: That is precisely my point. Why is that script even trying to run? I have nothing whatsoever to do with add-content-block.net. My domain is bettatude.com and no other. That script does not belong there; only bettatude.com should be running scripts on my blog.
Oleg Kovalenko : How I can reproduce you problem?
you: Well, as I said, I see the script being blocked (because I use a browser add-on) when I log into my blog at www.bettatude.com/blog to write a post.
Oleg Kovalenko : You may use other browser, there are not problems from our side.
you: Thanks, but I already use FF with scripts blocked, and I use it on Linux. From my research, this appears to be a script that exploits a security hole in IE. It does not affect me in the least–I don’t even use Windows, let alone IE–but *the script should not be there*. Never mind. Thank you for your time.
I had sat here for a good fifteen minutes, waiting for him to “check” (read: go on a break, or actually look and not immediately discover that I had a directory with write permission enabled for all, so he couldn’t blame me), just to see what would happen. I knew they wouldn’t admit it’s their old server setup that caused the problem–I’m running a bog-standard WP install with a couple of officially-sanctioned plugins, and have changed permissions on exactly nothing–but Christ, I thought they’d at least tell their techs to pretend they’re paying attention! Today is my day off, so unless I get distracted or find something more interesting to do, I’ll probably call what they laughingly refer to as “tech support”, just to see what they say. My account expires in December, and P’s (I think) in January, and I’m going to suggest to P that we switch to Hostgator. IX used to be really good, but they’ve gone to hell in a handbasket over the last couple of years, so as far as I’m concerned, they can stick their shiny new servers in Kentucky right up their collective arse. 🙂
Oh yeah…took me forever, but finally, a nice, neat 8×8!
