BLOG BIZ: Debito.org hacked, down for nearly two weeks, now back up


Hi Blog. It’s good to be back after nearly two weeks of being down after being hacked. Just a brief paragraph recap of what happened for those who are interested:

On November 29, I tried to log in but found that my password wouldn’t work. I got in touch with my provider but they were slow in answering, and after being bounced between a couple of helpful and unhelpful techies, I got signed up for a cleaning-out service. This took some time, as Debito.org after nearly two decades of service has accumulated around 16 GBs of data. But once that was cleaned out, I still had trouble logging in. So I had to manually update themes and change passwords here and there, only to find out that the only password that would now work to avail me of this dashboard was the old one (I’ve now gotten in and changed it officially via the blog dashboard). So here we are, back, as of this morning, ready to resume discussion.

Meanwhile, the question remains, who hacked Debito.org and why? Several techies wrote to me saying that WordPress is particularly vulnerable to hacks and spiders that implant viruses with delayed infection times. I don’t doubt that, but hours after Debito.org was taken offline, I got this weird message:

======================
Begin forwarded message:

From: <dvib7om+7tzkj4@guerrillamail.com>
Subject: All your base are belong to us
Date: December 1, 2013 at 7:57:47 PM HST
To: "debito@debito.org" <debito@debito.org>
Return-Path: <dvib7om+7tzkj4@guerrillamail.com>
X-Original-To: debito@debito.org
Delivered-To: x9560096@homiemail-mx2.g.dreamhost.com
Received: from alc-junkmail-backend3.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by homiemail-mx2.g.dreamhost.com (Postfix) with ESMTP id 43058448606 for <debito@debito.org>; Sun, 1 Dec 2013 21:58:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by alc-junkmail-backend3.dreamhost.com (Postfix) with ESMTP id 3F4171616045 for <debito@debito.org>; Sun, 1 Dec 2013 21:58:58 -0800 (PST)
Received: from connor.dreamhost.com ([208.97.132.205]) by localhost (alc-junkmail-backend3.dreamhost.com [208.97.132.104]) (amavisd-new, port 10024) with ESMTP id Nbkua-ThjKXQ for <debito@debito.org>; Sun, 1 Dec 2013 21:58:58 -0800 (PST)
Received: from guerrillamail.com (mail.guerrillamail.com [198.143.169.10]) by connor.dreamhost.com (Postfix) with ESMTP id AB6042CA800C for <debito@debito.org>; Sun, 1 Dec 2013 21:58:57 -0800 (PST)
Received: by 198.143.169.10 with HTTP; Mon, 02 Dec 2013 05:57:47 +0000
X-Dh-Virus-Scanned: Debian amavisd-new at alc-junkmail-backend3.dreamhost.com
X-Spam-Flag: NO
X-Spam-Score: -1.039
X-Spam-Status: No, score=-1.039 tagged_above=-999 required=999 tests=[RP_MATCHES_RCVD=-1.049, T_DKIM_INVALID=0.01]
Mime-Version: 1.0
Message-Id: <159d7d8b8dd29e053ac7484078bb82ca2248@guerrillamail.com>
X-Originating-Ip: [185.2.28.159]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Domain-Signer: PHP mailDomainSigner 0.2-20110415 <http://code.google.com/p/php-mail-domain-signer/>
Dkim-Signature: v=1; a=rsa-sha1; s=better; d=guerrillamail.com; l=255; t=1385963871; c=relaxed/relaxed; h=to:from:subject; bh=ouvuUWJpwETjUDkcfcPvQDw0gQM=; b=EjFrOzxmAT/eOU2HuLhFdm1C3vIFrookRLn+491+dkq3Y4K6XnkVbqScxTuQsQoM

you were taken down and you will be taken down again until you learn how not to be a hypocrite

--
Sent using GuerrillMail.com
Block or report abuse: https://www.guerrillamail.com/abuse/?a=RUR2DBkPY7AQigeg%2FzAQYBM%3D
======================
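An added example, not part of the original post: a short Python reading of the forwarded headers above. It rebuilds the relay path from the `Received` lines, measures the transit time, and pulls out the address the webmail service recorded. The names `received_chain` and `summarize` are made up for this illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header lines copied from the forwarded message on this page (a subset; newest hop first).
RAW_HEADERS = """\
Received: from alc-junkmail-backend3.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by homiemail-mx2.g.dreamhost.com (Postfix) with ESMTP id 43058448606 for <debito@debito.org>; Sun, 1 Dec 2013 21:58:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by alc-junkmail-backend3.dreamhost.com (Postfix) with ESMTP id 3F4171616045 for <debito@debito.org>; Sun, 1 Dec 2013 21:58:58 -0800 (PST)
Received: from connor.dreamhost.com ([208.97.132.205]) by localhost (alc-junkmail-backend3.dreamhost.com [208.97.132.104]) (amavisd-new, port 10024) with ESMTP id Nbkua-ThjKXQ for <debito@debito.org>; Sun, 1 Dec 2013 21:58:58 -0800 (PST)
Received: from guerrillamail.com (mail.guerrillamail.com [198.143.169.10]) by connor.dreamhost.com (Postfix) with ESMTP id AB6042CA800C for <debito@debito.org>; Sun, 1 Dec 2013 21:58:57 -0800 (PST)
Received: by 198.143.169.10 with HTTP; Mon, 02 Dec 2013 05:57:47 +0000
X-Spam-Status: No, score=-1.039 tagged_above=-999 required=999 tests=[RP_MATCHES_RCVD=-1.049, T_DKIM_INVALID=0.01]
X-Originating-Ip: [185.2.28.159]
"""

def received_chain(raw):
    """Return relay hops oldest-first as (from_host, by_host, utc_time)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        route, _, stamp = value.rpartition(";")      # timestamp follows the last ';'
        frm = re.search(r"^from\s+(\S+)", route)
        by = re.search(r"\bby\s+(\S+)", route)
        when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        hops.append((frm.group(1) if frm else None, by.group(1) if by else None, when))
    return hops[::-1]   # every relay prepends its line, so reverse for time order

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_chain(raw)
    # X-Originating-Ip is written by the sending service, not by the recipient's
    # provider: it is whatever address that service saw (possibly a proxy).
    origin = re.search(r"\[([0-9A-Fa-f:.]+)\]", msg.get("X-Originating-Ip", ""))
    return {
        "submitted_via": hops[0][1],
        "final_mx": hops[-1][1],
        "transit_seconds": (hops[-1][2] - hops[0][2]).total_seconds(),
        "claimed_origin_ip": origin.group(1) if origin else None,
        "dkim_flagged_invalid": "T_DKIM_INVALID" in msg.get("X-Spam-Status", ""),
    }

if __name__ == "__main__":
    for hop in received_chain(RAW_HEADERS):
        print(hop)
    print(summarize(RAW_HEADERS))
```

Only the lines stamped by the recipient's own provider (from `connor.dreamhost.com` onward) are under that provider's control; everything older is the sending side's account of itself.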

In response, we’ve signed up for a program offering constant security scans and cleaning, and although that increases maintenance costs, we’ve gotten donations (and lots of free advice, thanks for both!) from very kind people out there. Much obliged!

If you like what you see and want to keep Debito.org up and hack-free, please consider contributing a little something by Paypal:




Anyway, we’re back. Let the discussion resume! Thanks for reading and contributing! Arudou Debito

11 comments on “BLOG BIZ: Debito.org hacked, down for nearly two weeks, now back up”

  • Loverilakkuma says:

    I guess some whacky guys sent a sinister message on the Black Friday because they were so pissed for missing the holiday shopping. So instead they chose to disrupt someone’s personal intellectual property that is not for sale?

    I was about to submit my comment on the posting the next day, but it didn’t go through. I tried again, but no response. So I suspected there was something wrong with this website. I’m not sure it went through, but I’ll try again later if it didn’t.

    Anyway, glad the blog is back again.

    — Thanks Loverilakkuma. I’ve just checked all my folders, and I’m afraid it didn’t go through. Please resubmit? Sorry about that.

  • Glad you’re back. I wouldn’t just let this pass – hacking websites is a criminal, punishable offence in the US. The first step would be to contact the company https://www.guerrillamail.com/ at:

    Admin Name: ALLEN HAMILTON
    Admin Organization: JAMIT SOFTWARE LTD
    Admin Street: 1801 WING ON CENTRAL BUILDING
    Admin Street: 26 DES VOEUX ROAD CENTRAL
    Admin City: CENTRAL, HONG KONG
    Admin State/Province: HK
    Admin Postal Code: HK
    Admin Country: HK
    Admin Phone: +61.0417255032

    and tell them a suspect in the hacking of your website used their service to send a threatening email. They will be able (but maybe not willing) to give the IP address of the person if you supply the email header data. It’s probable they will only cooperate when presented with a court order. Whoever sent this mail doesn’t seem to be very professional. There’s no way to tell if the person who sent the mail has anything to do with hacking the site, but it wouldn’t hurt to grill him / her a bit.

    If your server was in the EU I’d know exactly what to do but I’m not sure about how it works in the US.

  • I know YOU don’t want to speculate, but it doesn’t take much imagination to guess what sad nerds were responsible. The only thing sadder than housegaijin is the fact that they tend to be computer nerds as well.

  • Really bad. You are not a hypocrite, and you don’t have to go back to America since you changed your nationality.
    I guess the haters think that the fact that you know Japanese is not enough but that you have to act a certain way.
    The criticism is not justified.
    This website is useful since it mentions things that apologists would just prefer to sweep under the rug.

  • Debito, Tor is software that’s being used to anonymize web traffic. https://www.torproject.org/
    There is a debate about whether the US government is able to trace back traffic that is using proxy IPs, but to the harassment victim, the communication is basically coming out of a black box. This is why I say cowardly. I’ve had similar harassment over the past several years, probably from the same persons.

  • Well, it is interesting that the stalker site wound down its focus on Debito from a couple of months ago, popped back up to point out that debito.org had a problem on Google, went quiet again, then went into defense mode ‘it wasn’t us!’ when Debito took down the site for repair. Any software security engineers over there? Oh, yes…

  • From https://www.torproject.org/
    “Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”

    Basically it means that you can hide your location and IP address very very well.

    Also AFAIR https://www.guerrillamail.com is a disposable email address service. No registration required. No way to trace.

    The cracker understandably wanted to hide his steps.

    Glad to see you back, Debito. Let the truth out.

  • Peter McArthur says:

    Tor is a system that allows you to use the Internet with near-perfect anonymity. I’d give up on tracing the e-mail back to its source, if I were you.

    It is VITAL that you keep your WordPress installation up-to-date. WordPress’ ubiquity and appalling security record make it an excellent target for hackers.

  • As a WordPress user myself I would encourage you to install the Limit Login Attempts plugin if you haven’t already as a good method to reduce potential hacks. Best of luck with it.

  • On a weird tangent to this, certain government sites (namely, the subway) in Hong Kong block content (but not comments) on debito.org because the keyword “racism” and then “fascism” come up.

    I have already complained and copped a plea to them unblocking the site.
