Sunday, March 11, 2012

laissez-faire cuts both ways

I got hacked.  Well, not really--but nowadays whenever something bad happens people say things like "I got hacked."  What happened was that I host a Creative Commons wiki and a Bulletin Board on a shared server with Dreamhost.  I have been very happy with Dreamhost for the past several years, and I think we have to appreciate what we get all the time--not just get angry when something bad happens. 

I don't know a lot about the Dec 29th hacks that tried to install backdoors in every PHP file in the directories (and subdirectories) of two applications I had installed using the easy 1-click installer.  I know the blame has been on WordPress, but the actual damage done was ... well, minimal.  Besides altering a bunch of PHP files and attempting to create a few HTML forms for gaining access to other parts of my site, not much else happened.  I was planning on moving the Creative Commons site to a dedicated server anyway, so in a way this was almost refreshing.  Also--I tend to have a soft spot for hackers--real hackers, not script kiddies, mind you.  This was more like the work of script kiddies cutting and pasting some PHP code than true hacking, of course, but that's not what really matters.

What does matter is that we keep things in perspective.  Although I grumbled about it at the time, I did learn a lot the last few nights as I ssh'd in via Linux terminal and worked on cleaning up the mess.  [Basically I grabbed all the media and got rid of the php files.]  At times, when I was researching this intrusion, I came across long and heated arguments about how this was Dreamhost's fault.  That made me a bit angry, and here's why:

I chose Dreamhost back when a lot of suckers were choosing GoDaddy or other hosts that 1) offered little ability to access the Unix terminal to mess around with the guts of your account on the server, and 2) made you believe you owned the domain name you registered through them, when you did NOT.

I chose Dreamhost because they appeared to be one of the most Python-friendly and Linux-friendly providers around.  I remember emailing them a few questions about using server-side Python scripts, and terminal access to my home directory.  They were very honest and helpful every time I had a question.  I have had no problems with them in four years now--until the Feb 29th thing.

But, you need to be honest with yourself when something like this happens.  First of all, Dreamhost is not the only victim that this happened to.  Also, you can't have your cake and eat it too.

For years I was frustrated by not having more admin rights from our district in my computer lab.  At times it got so annoying that several students and I ended up just booting into Linux on a stick rather than deal with a crappy setup that we could not customize for our needs.  Those days are past, though, and I now have full admin rights to every machine in my lab.  What caused the change?  I had to work at it for a long time, trying to build up positive connections with the district tech department.  Eventually we realized that giving me admin rights was a win for both sides--but I had to fulfill my end of that bargain.  I clearly told them, over and over, that I would handle all the troubleshooting and maintenance of the machines in the lab, and (most importantly) if we broke something, we were responsible.  Turned out that they liked the arrangement, and it continues to this day.  In the past two years I have had only one problem that I had to have help with--an iMac monitor that had a flaw in it that was apparent only a day after we got it.  Other than that, I have not had to ask for help installing software that runs on X11, or needed their help in finding lost files or troubleshooting software problems.

I see Dreamhost along the same lines.  They're a host that lets you mess around with the terminal, use version control, write your own CGI scripts--and so on.  So I was a little upset at clients that immediately started badmouthing Dreamhost and threatening that they were going to take their business elsewhere.  Typical human reaction, of course, but typical is pretty sucky when it comes to societal norms.  I'm still with Dreamhost.  My nightmare would be having them come out and change their policy in order to make us all "safer."  That would cause me to leave.
