kompromat (or: how I helped lose the election)

Today, as I’ve been relaunching my blog and migrating it from an Amazon EC2 cloud instance to a GoDaddy hosted WordPress account, I’ve been listening to the president elect hyperventilate over recent reports that Russia has compromising information on his business interests and peccadilloes, was at some point prepared to blackmail him, and had regular covert contact with his campaign. Crazy. Even crazier than the widespread reports that Russians used an army of hackers and trolls (especially Edward Snowden and Wikileaks) to help spread disinformation about the election and sabotage Hillary Clinton’s campaign. It’s like we’re living in a mashup of Bridge of Spies and Spies Like Us.

But for me, the craziest thing of all is that I seem to have played a (tiny) role.

Let me share a bit more about why I’m moving the site. Recently my domain has been down, and I’d been struggling to figure out why, since the server seemed to be up and running. Worse, I couldn’t access WordPress or even ssh into the site, which meant I couldn’t check and see where the traffic was coming from and I couldn’t export my old posts for relaunch. Not being much of a tech wizard, I set the problem aside sometime over the summer.

Well, I finally gave up, and I’m now reconstructing the old posts by combing through the WP database backups that I was emailing to myself on a weekly basis (this is a PITA, by the way, and means I’m losing all images and documents hosted on the old site; but there’s a great tip on how to pull posts from a WordPress DB here).

Now that the site is up and running again, I thought I’d check in to Google Analytics. I hadn’t thought to look before because, since the site was down, I figured there wouldn’t be anything to track. This is what I found:

Check the nationality.

And check out the “language” used by my top visitors.

So the vast majority of visitors to the site were from Russia (and Kyrgyzstan). And their preferred language was either Russian or something called “Secret.google.com … Vote for Trump!” And the traffic spiked through election day and then collapsed in December.

Finally, if you look at the pages they were visiting, you see several pages that I never placed on the site:

Now I’m not sure what this all adds up to. They certainly couldn’t have secure shelled into the server itself (I’d done a lot to harden that). My guess is that they found some other way to exploit WordPress and take over the server, including creating content. But I am shocked. I’d be curious how much this tracks what other WordPress hosts saw over the same period. Certainly, it was the last thing I expected.
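Added example (not from the original post): a small triage script for the kind of Google Analytics export described above. It splits the rows into hits on page paths that never existed in the blog's WordPress database, and rows whose "language" dimension is free text rather than a browser locale (the language value is supplied by the visitor's client, so it is checked separately from the page paths). All rows and slugs are constructed for illustration; the real analytics data and wp_posts contents are assumed, not taken from the page.

```python
import re
from typing import Dict, List, Tuple

# Constructed Google Analytics rows: (page path, country, language, sessions).
# Illustrative values only, not the blog's actual analytics export.
GA_ROWS = [
    ("/2013/05/hacking-wysiwyg/", "Russia", "ru-ru", 412),
    ("/about/", "United States", "en-us", 37),
    ("/2013/05/hacking-wysiwyg/", "Kyrgyzstan", "ru", 88),
    ("/2016/11/never-published-post/", "Russia", "ru-ru", 301),
    ("/", "Russia", "Secret.google.com You are invited! Vote for Trump!", 523),
]

# Constructed stand-in for the slugs of published posts in wp_posts.
PUBLISHED_PATHS = {"/", "/about/", "/2013/05/hacking-wysiwyg/"}

# Browser locales as reported to analytics look like "en", "en-us", "zh-hant".
LANG_TAG = re.compile(r"^[a-z]{2,3}(-[a-z0-9]{2,8})*$")


def is_language_tag(value: str) -> bool:
    """True when the value has the shape of a locale, not arbitrary text."""
    return bool(LANG_TAG.match(value.strip().lower()))


def triage(rows, published) -> Dict[str, List[Tuple]]:
    """Separate rows hitting paths the site never published from rows whose
    language dimension is free text (client-supplied, not a real locale)."""
    unknown_paths = [r for r in rows if r[0] not in published]
    bogus_language = [r for r in rows if not is_language_tag(r[2])]
    return {"unknown_paths": unknown_paths, "bogus_language": bogus_language}


def sessions_by_country(rows) -> Dict[str, int]:
    """Total sessions per country, the view that showed the Russia spike."""
    totals: Dict[str, int] = {}
    for _path, country, _lang, sessions in rows:
        totals[country] = totals.get(country, 0) + sessions
    return totals


if __name__ == "__main__":
    result = triage(GA_ROWS, PUBLISHED_PATHS)
    print("paths not in wp_posts:", [r[0] for r in result["unknown_paths"]])
    print("non-locale language values:", [r[2] for r in result["bogus_language"]])
    print("sessions by country:", sessions_by_country(GA_ROWS))
```

Comparing the analytics page list against the published slugs in a database backup is what distinguishes content actually created on the server from entries that only ever appeared in the analytics report.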

A few years ago I was complaining that maintaining your own server meant having to fend off increasingly severe and sophisticated attacks from hackers/bots located outside the US (something I’m not really equipped to do). Now it seems clear that this was more than just a hassle — it’s actually dangerous. If you don’t know what you’re doing, you’re basically opening up a channel for others to use against the world.

Sorry, democracy. ¯\_(ツ)_/¯

Hacking: WYSIWYG

Two weeks ago I noted that someone had recently tried to get into my WordPress server. My firewall traced the query back to an IP in China, though I don’t have the ability to figure out where it originated from initially. I linked it to news of escalating activity from abroad; it seems that attempts to get into academic networks are sharply on the rise.

Then a week ago my server collapsed under what seemed to be a DDoS attack. I tried to restart it several times, but every time I got the server back up it was swamped with traffic. I’ve spent a good eight hours now launching a new server and migrating over content from a backup. Most of my posts are back, but I lost the last year’s worth of images. I’ve only been able to recreate or restore about half.

It’s all kind of creepy. And it may be beyond my capacity to try and stay on top of escalating security problems on a private blog. Apparently there’s a botnet that’s been hacking WordPress servers generally for the last several months. I like having my own site; I like the ability to post whatever content I want and try out different kinds of server technologies; my Omeka-based class last year depended on this capacity. But the bar is getting higher.