Sébastien Merkel - Page Personnelle

I had a funny surprise a few weeks ago: my site had been hacked! It was used to send spams and and relay porn website... It took me a while to figure it out completely but I finally understood: those guys were real ones, not your plain script kiddy.

The operation must have started months ago. I had a huge security hole in a PHP script: it was calling for a parameter called $file, and this parameter was the base of a file to be included, something like $file.inc.php. The hacker figured that out, probably by lunching a google search like inurl:$file=. They then managed to upload a shell script called c99madshell, that included calls to various servers in Russia. I know this was done months ago since a new security measure was turned on that disallowed including php scripts from outside servers...

Once this shell is installed, the hacker can see all you files, including php script, configuration files, .htaccess... They can upload scripts, make files, make directories... Basically they had full control. Finally, I went through all my files, one by one, to make sure that I had really created it, and ended up finding the trick... They had an obscure directory far in a structure where I did not go very often with scripts for spams, relay pages for porn websites, and those things,mostly from Brazil by the way.

Lucky enough, my page was partially protected: it is totally impossible to access parts of the site from the other one. I think I have it clean, but I'll have to monitor my logs very carefully for a while. I'll probably rebuild the whole things in a few days, so expect delays and bugs...

Conclusions: if you did not know, you really have to watch your logs to make sure that files you did not create are using your bandwidth, also, log-in frequently and make sure you do not see any files or directories you never created: it's a very bad sign...

I just read this article in le Monde on World of Warcraft... For those who did not believe it, the market for multi-players online games is absolutely huge!

World of Warcraft is some form of adventure video game. Unlike others, you do not play against or with your computer, you're playing with thousands of other players, worlwide, connected through the internet. I do not play video games myself but did hear of this one before. Also, there is a small shop down from my appartement where people come to play those kind of games and it's always full, all day long! I would not have believed it.

Anyway, back to my story: 8 millions players... In Europe or in the US, people have to pay a subscription (12.99 euros per month in Europe) and Vivendi employs 1700 people to assist the players 24h a day. I'm really impressed by those numbers. It's ever bigger that I thought...

I just came back from New Year holidays in London. I did know that it was an expensive city, but not to that point! When we arrived, a single ride on the metro was at 3£, 4.5€, or 5.9$... And when we took it again yesterday, we had another surprise: it at gone up to 4£! That's almost 5.9€, or 7.9$! Imagine, paying about 8 bucks to ride one stop in central London! I have been and lived in a few cities in the world, including Tokyo, and I have never seen anything like it. How the hell to you want people to ride the metro at 8$ a shot?! I know, salaries are pretty good in the UK, but not THAT great, and I'm not even talking about tourists and visitors...

Ok, there is a way around it: get an "Oyster" card. It's some form of a pre-payed card, that you can used with a monthly or weekly pass, or pay as you go. If you are just visiting, you should use the pay as you go option: you load the card and each trip within the center of London is charged 1.5£, up to a limit after which it is free.

But still, 8$ for a single trip, what a rip-off for the person who just landed in London, is just doing one trip, and did not get an Oyster card!

Finally, I did go and see a play for Lille 3000! What is it? Well, it's some form of a big cultural event, lasting 3 months between mid-October and mid-January. The central theme is India, India the country. Codename: Bombaysers de Lille...

It's pretty cool actually. Streets have been decorated, museum are showing special exhibits, cinemas and theatres play Indian shows and movies... For 3 month, you can fill you brain, eyes, ears, and mouth with Indian food and culture. It's quite a change to have such an event in Lille, a city associated with the North, rainy weather, mines, and textile factories.

My only problem: it took me more than two months to move my big fat ass and actually do something! I did go see a play last night, it was the first time... Just have less than one month left to recover and get something out of it!