Comments on: What happened

By: MartinG

MartinG — Fri, 28 Oct 2005 23:40:56 +0000

That's a damn shame, crackers are so pathetic.

Also a shame you didn't get around to write a blog about Serenity, would have liked to read your opinion on it.

By: Marie Maaking

Marie Maaking — Thu, 20 Oct 2005 20:45:54 +0000

Great blog. I just wanted to let everybody know about a great new website for screenwriters. Often, I look to other scripts for formatting and other reasons. http://www.scriptbandit.com has over 500 scripts and lots of screenwriters resources. You can even send a text message and submit your own script!

By: Sonny

Sonny — Thu, 13 Oct 2005 05:30:08 +0000

Sorry to hear about the hack who hacked you. Just wanted to say that I’ve been reading your blog for a bit now and I love it. It’s helped me through many a screenwriting questions at 3 am. Inspired me to start my own: http://sillypipedreams.blogspot.com

By: 120-Page Monster

120-Page Monster — Wed, 12 Oct 2005 14:46:03 +0000

Visitors? I was thinking you had folks over to see the baby. Good work getting things back in order, John.

By: Jaime Johnson

Jaime Johnson — Wed, 12 Oct 2005 05:34:52 +0000

John, I love your site, and I’m extremely grateful you’re sharing yourself with us all here. I especially like your “geek out” posts. I can’t say I understand everything, but one never learns by running away from the unknown, so I try. I understand why you’re pissed about being (what barely qualifies as “hacked, more like script kiddied), and I realize that nobody can stay 100% up to date with every security vulnerability out there. However, I must say I’m a little taken aback by the general reaction to the hack by pretty much everyone commenting. “String ‘em up by the balls!” “Sue ‘em!”, ad nauseum. You had the decency to acknowledge that this was a known exploit that you missed. And it really was hit with a very low level of sophistication. I’m always cheered by the fact that you lean toward the open source stuff. You might not have found out about the hacked vulnerability so fast if it weren’t for the rapid pace at which these things become known and are patched in the open source world. But really, one can’t leave one’s car windows open and the keys in the ignition without some joker jumping in for a joy ride (I know, weak analogy). I’m not saying anyone deserves to be hacked, but we all have the responsibility of keeping current and covering up holes that turn up now and then, even if it is a nuisance. I notice that Postnuke was warning users on August 16th, 2005 to remove the offending file from their installations, and WordPress was updated with a security fix and a temporary fix involving removal of xmlrpc.php on June 29th, 2005!!! And you say it took about an hour to upgrade and get the site working for the most part. One hour, a few months sooner could have saved you all this trouble. The Web is just an extension of the real world, with all the same losers and doofbag goatfucks out to mess things up for no particular reason than to feel important for five minutes. In fact, the anonymity of the Internet encourages these spineless pukebags to do things they wouldn’t imagine trying in real life if there was any danger of getting caught. Again John, I love your site; it gives me a lift every time, so thanks. I was just a little freaked out by the knee-jerk violent reaction of some of the posters.

By: Lee

Lee — Tue, 11 Oct 2005 19:48:25 +0000

For those of you who like WordPress but aren't quite ready to take the plunge and go for a version you look after yourself, there are a few other options. Blog Thing offers a free service which is powered by WordPress and the WordPress team are in beta testing of a hosted service over at WordPress.com.

By: Colleen

Colleen — Tue, 11 Oct 2005 18:12:37 +0000

Ugh. See? No URL. I can't even post a comment without screwing something up.

Sigh...

By: Colleen

Colleen — Tue, 11 Oct 2005 18:08:11 +0000

As a blogger with weak HTML skills, this scares me. I recently took the plunge and signed on (for two years!) with a hosting company, intending to move the blog from TypePad in a new, WordPress incarnation. I do like the open source, and I've heard so many good things about WP.

Hearing of your nightmare, I don't know anymore. Am I really up for that much under the hood work? Could I handle the situation with the kind of speed and aplomb that you did?

You're really quite remarkable to do two things so well, you know. Most of us can't manage that level of proficiency with one.

Oh, well. It's back to the WP boards for me. And maybe I'll just link to the TypePad blog for awhile.

By: Justin

Justin — Tue, 11 Oct 2005 15:30:18 +0000

Yeah, upgrading can be a pain sometimes. It’s just so easy to leave things as is ….

By: Lee

Lee — Tue, 11 Oct 2005 08:00:20 +0000

I got hit on one of my sites while running one of the older 1.5 installs, so the moral is, pay attention when they launch a new version and if security is one of the enchancements mentioned, upgrade immediately.

As for comment spam, I use one of the comment preview plugins alongside WordPress's default anti-spam options which seems to stop 99% of spam getting through and 0% making it past the moderation queue.

By: Craig Mazin

Craig Mazin — Tue, 11 Oct 2005 07:11:20 +0000

Hmmm, dare I bring up Movable Type at this point?

MT has a plugin called SpamLookup which has essentially blocked all comment spam. I have no captchas on my blog. No registration or email requirements. SpamLookup sort of works in the background, and whenever I do stop in to check its logs, it never registers a false positive (unless someone tries to make a legitimate comment with some of the specific words I've blacklisted). Quite happy with it.

Having said that, I'm awfully sorry you went through this, John. Bravo for getting back up so fast.