It’s Inside the Building!

You know in that horror movie where the girl is on the phone and there’s some crazy mofo who’s freaking her out but for some reason she doesn’t hang up and eventually it turns out the crazy mofo is already inside the house and really has no reason to call? I had a moment like that tonight. I’ve had a rash of spam lately, all using my Facebook identities. I waited for my spam-catchers to get a clue, but the comments kept coming. “Fine,” thought I, “I’ll just block the addresses they’re coming from.”

I fired up my diagnostics, and found the source. localhost. My server thought the comments were coming from itself! Double-plus ungood, to quote Orwell. Extra double-plus. My spam-detecting software, it turns out, recognized the evil of the comments, but was immediately overridden by the administrator. By me, or a vile piece of software pretending to be me.

I just changed a lot of passwords. I hope I can remember them later. I also set a switch that requires that all comments be approved before they go live. Alas, this is likely more an inconvenience to legit comment traffic, as the evil robot has already proven capable of emulating me and giving permission.

I also spastically updated all my wordpress plugins (I do this fairly often anyway) — including, perhaps significantly or not, the one that passes comments between here and Facebook. Later, going back, I see nothing in that plugin’s update info to the tune of “closed egregious spam hole.” But the attack vector seems to be through my Facebook identities. It may be that the conduit trusted the origin of the messages too much.

So now I wait and watch, and your comments will take a little longer to reach the page. Hopefully I can loosen things up soon.

Oops

The first time you use sudo on a UNIX/Linux/FreeBSD computer, it gives you a warning. The warning is brief and says (more or less), “don’t ever forget that using this command gives you the power to really f— things up.”

So today I meant to type:

sudo chown -R Jerry:admin .

But instead I typed:

sudo chown -R Jerry:admin /

The first command says, “change the owner of every file and folder in this directory and all subdirectories to Jerry.” That’s what I wanted to do. The second command? It does the same thing, but for every file and directory on the whole damn computer. I won’t go into the whole UNIXology of ownership; just take it from me that what I did could be very bad.

I stopped the process while it was still rampaging through my /Applications folder. I stared at the terminal window for a while, wondering if I was about to “nuke and pave” — wipe things clean and start over.

But wait! Part of Apple’s effort to bring *NIX to the masses is a tool specifically designed to go through all the files on your hard drive (particularly the /Applications folder) and fix ownership and permissions problems. I ran the utility, it fixed a bazillion issues, and, Turing willing, I’m A-OK.

Today I was glad my operating system came with training wheels.

1