I’ve upgraded the installation, which has broken certain sections. I’m working on getting most of it up this afternoon.
It’s a long, and kind of interesting story about what happened, which I’ll post once things are working a little more smoothly.
This site is run by screenwriter John August. Mostly, he answers reader-submitted questions about the craft, but occasionally he goes on tangents that run far afield of writing and filmmaking. You'll also find info on past, present and future projects.
On Twitter: @johnaugust
If you have a question about screenwriting or my movies that hasn't been answered, by all means ask. There are a few guidelines to follow.
There are more than 900 articles on the site. You can find category archives at the bottom of every page.
A new short story available for download, Kindle and iPhone.
Articles
October 9th, 2005 at 4:34 pm
Yup, the comment box is broken.
October 9th, 2005 at 5:07 pm
And no 16-word phrase, either.
October 9th, 2005 at 5:13 pm
it said someone hacked into it this morning or something like that.
October 9th, 2005 at 5:34 pm
I’ll have a full recap tomorrow. It sucked.
October 9th, 2005 at 7:34 pm
I’m worried about you getting hacked. I saw the notice of a hack when I checked the site this morning. Was it a vulnerability based on xmlrpc.php problems? That’s a huge scan right now.
October 9th, 2005 at 8:29 pm
I feel your pain. I don’t know about WordPress, but upgrading Movable Type is about as fun as a colonoscopy.
October 9th, 2005 at 8:57 pm
and it’s red :o :D
October 9th, 2005 at 9:33 pm
I’ve been fortunate enough so far as to not have my installation of WordPress break anything during an upgrade.
knocks on wood
Had you made changes to the core code that were lost in the upgrade?
October 10th, 2005 at 12:01 am
I’m sure some kid in a button up Dragonball Z shirt is chortling right about now while he listens to the Halo 2 soundtrack and IMs all of his hax0r buddies to brag about how “l33t” he is at “pwning.”
October 10th, 2005 at 6:39 am
I’m liking the fact that now your RSS feed includes the title of the post that’s being commented on… It was always hard to mentally split the conversations up before…. And now I can just skip over the numerous Prince of Persia ones without actually reading them, which’ll be nice…..
October 10th, 2005 at 8:27 am
MW –
Yes, apparently it was an xmlrpc.php hack. Once I finish up some housekeeping, I’ll write the full geeky recap.
October 10th, 2005 at 8:51 am
sorry for your trouble, i have had my commercial site hacked and brought down three times this last year. i will bide my time in anticipation of a long, involved, interesting story from you.
October 10th, 2005 at 8:57 am
Are you people speaking English?
October 10th, 2005 at 11:56 am
Admin/John– Argh, sorry to hear that. I had a bad feeling about what happened when I saw the notice the hacker left up. You’ve got my email address, prod me with a sharp stick if you need help.
Julie, yes, it is technical English. Basically, my concern (since I ‘do’ security for a living, albeit at the military-/intelligence-grade level; I have a number of screenwriter friends that I answer questions for in the sake of realism) was that John’s site was attacked by a computer hacker using a known flaw in the server package that his blog runs on. A ‘patch’ to fix the problem has been around, but one of the particular problems with security is that you have to be pro-active, so if you’re aren’t a technology wonk, and you focus on things that matter to you (read: real life), you may not be patched to the ‘current’ security level.
I asked about the specific nature of the hack because I’ve been seeing some fairly large-scale scanning of the net for exactly that vulnerability. First, it is highly unlikely that John was a specific target, just that when his system was viewed as vulnerable and logged by the hacker’s automated system, the hacker hijacked John’s system. Even in ‘harmless’ (e.g. nothing was destroyed), the action was still a felony, and disrupts John’s ability to work (note to hackers: can’t you just be nice and send the owner a notification, rather than giving a public spanking? I understand, but you also have to understand that these folks provide a public service (e.g. John informs, educates, and entertains others interested in pursuing a career in media, something you yourself might contemplate some day), and they don’t understand the internals of the technology the way you may). Second, there are lots of vulnerabilities in technology systems that can be exploited and that there aren’t vendor alerts or patches to fix (called “day zero” vulnerabilities), so even staying current with the technology is no comfort.
If you’re a blogger, google “xmlrpc.php vulnerability” and see if you need to patch.