Well played, anonymous hacker. I even respect your lack of political posturing.
For when this gets fixed, right now techcrunch.com is an empty html page that contains <a href="http://nottherealurl.com/ title="rapidshare downloads">rapidshare downloads</a>
Edit: now it is a blank html page that contains only "hi". Someone from HN rehacked it? Or it's about to be fixed.
Looks like it's switching around depending on what backend their load balancer throws you to. It's jumping around for me, which suggests they don't have any session affinity. Interesting, but I guess it's not required for their kind of app.
Techcrunch could be delivered as a PDF. I get it on my Kindle.
Just as most new web sites are not startup companies, most existing web sites are not apps.
The distinction and difference is that a software application helps a user perform manipulation or transformation of data as useful work.
Most websites, despite simple interactivity (e.g. search), are still published as "content" for consumption within a content access application, not for manipulating work|play|creative output.
Yeah, he/she/they definitely should have done this on Wednesday at 10:00 AM (or whenever the Apple event is) if they were looking to cause any sort of damage.
At one point, the source said <!-- WP Super Cache is installed but broken. The path to wp-cache-phase1.php in wp-content/advanced-cache.php must be fixed! -->
Hope they have backups and don't lose data. As much as I hate that their quality has gone down, I hate to see someone's hard work get killed by something like this.
(Yes, my blog is currently hosted at wordpress.com, but I'm evaluating Jekyll as part of the next round of server migrations. I started with wordpress.com years ago when I didn't want to run WP on my own server, but wanted the ease of a blog.)
That's not a bad rule. I've actually been considering using sphinx http://sphinx.pocoo.org/ for my blog reboot. Mostly because I'd like to offer visitors a choice of formats, read bits and pieces on the web or grab the whole thing as a PDF or reasonably priced e-book.
"It's safe because I haven't been hacked yet." Meanwhile, pretty much everyone in the security community running WordPress on their own sites got hacked via it in 2008-9.
So at first glance and with limited info... it's a plugin. Not that this surprises me, I still use vBulletin and I spend a lot of time code-reading the plugins for that before I use them. Mostly to make sure they don't do silly things like have SQL inside a loop over potentially lots of items, but also for the obvious security holes.
Phew, I don't feel bad now. I wrote an HTML preprocessor in 1999 to allow PHP-like embedding of Perl in webpages. It did the equivalent of register globals. I still have it up on my website but with a big warning that says "this has known security issues, don't use it". At least someone else made the same mistake around that time :)
Does TC have programmers? Why then would they use Drupal? Drupal for programmers is some of the most horrible code I've ever come across. Hey let's look at this back trace of THOUSANDS of functions.
-Unfortunately responsible for maintaining a Drupal install at work...
Thousands of functions? Then you're doing it wrong. Drupal has the best documented API and tons of extensibility. Unless you're trying to change what Drupal is at its core, doing stuff is never impossible or even that difficult. Make sure you're using Devel: http://drupal.org/project/devel
Unfortunately I'm stuck with Drupal 6. And if you do a backtrace in any custom module there will literally be thousands of functions listed. It may have 'tons of extensibility' but at least Drupal 6 is a cluster mess. Sure it may give less experienced programmers ability to do things quickly but as a more experienced programmer I find the rigidity of it to be stifling.
As an engineer, I won't take your argument of "thousands" of functions in a custom module. Also, yes, Drupal is far more complex than any other CMS because it's not a CMS. It's more like a framework you use to build your own mini-CMS. You can customize it to your needs a lot more than WP.
Huh? How does "big" make them deserve a custom solution? Huge behemoths like nowPublic.com and spreadfirefox.com run Drupal. Heck, economist.com is >>> techcrunch, and they're dropping their custom solution and shifting to Drupal. IMO, "big" is the least of their concerns if they want to switch to Drupal. TC is a perfect example of a website wanting content management. Content is what they deal with.
But, I will say Drupal is not the answer to all problems. For example: if your application deals primarily with data that can't be classified broadly into "content". Like last.fm or chesspark.com or etherpad.com... you get me.
I don't think OP meant in page views, rather in the level of requirements. For example, The Economist has a lot more writers/editors/designers/etc who all have different needs from the system, many not necessarily very computer literate etc.
Page views alone aren't that big a deal in a content website like TC/Econ - you can do plenty of caching, buy more servers etc. Serving the needs of all the various people involved in an Economist-type publication is where the challenge is.
A lot of WP sites that get exploited have been due to the FTP password jacking / iframe exploit. Typically WP is quite reliable with fast patches preventing catastrophe.
How about hackers everywhere give up on reclaiming this term. It's not going to happen. That way I don't have to see this post on every single story about malicious intrusion that comes up on social news sites.
I appreciate that whoever runs the site can call it whatever they like, but I wish they hadn't chosen 'Hacker News'. I know that it's my own prejudices at play here but it's simply embarrassing to have 'Hacker News' staring out from the top of my browser window. It's so ridiculous I can't even bring myself to say it, when I discuss links with a friend who also checks this site the conversation starts with 'did you see that article about X on the, er, the YCombinator news site?'.
Also note that it's possible for a single word to have multiple meanings depending on context, this includes even opposite meanings with opposite connotations. In the context of news.yc.com the term "hacker" generally has a different meaning than the term has elsewhere, especially in the context of unauthorized, malicious intrusion into a computer system.
Similarly a term such as "killer" may have an extremely negative connotation in the context of a grisly homicide yet the same word may have a positive connotation and a completely different meaning (dominant, superlative, desirable) in other connotations. Such is the dynamic, flexible, and adaptive nature of language (outside the realm of the pedant).
Main Entry: hack·er
Pronunciation: \ˈha-kər\
Function: noun
Date: 14th century
1 : one that hacks
2 : a person who is inexperienced or unskilled at a particular activity <a tennis hacker>
3 : an expert at programming and solving problems with a computer
4 : a person who illegally gains access to and sometimes tampers with information in a computer system
Three out of four possible Merriam-Webster definitions are negative.
Only the 4th one seems negative to me... 1) is neutral (since hack has at least 1 +ve meaning), is positive and 2) is as similar to inexperienced/unskilled whose connotation is context dependent (imho)
Visitors should be aware that visiting tc.com right now is equivalent to visiting a suspicious, untrusted site. It could serve malicious content that takes advantage of unknown vulnerabilities even on fully patched systems... although I'd hope the HN audience is savvy enough to know this.
Whoever is behind this is changing the html page, 4 minutes ago it was <a href="http://dupedb.com/ title="rapidshare downloads">rapidshare downloads</a>. Now the source says "hi". Strange times.
But I feel the hack was done today instead of tomorrow to let them know the hackers' displeasure on something.
But not to really hit them when it matters... (which is tomorrow for Apple presentations)
Maybe it's just a warning perhaps.
I am sure techcrunch is working on this...
WordPress systems are pretty stable but all systems have a loophole.. on many systems, you can't avoid the hacking because it is the human errors (or negligence)
This was no automated attack. The page was updated with a series of what could only be handwritten messages as TC tried to overwrite what the hacker was uploading. At one point the whole page turned to "o_O".
Yes, I'm aware of that. However, it's not for any of the relevant parties in this story (TC, HN, Apple), and the Apple event is a fixed number of hours away, regardless of what time zone you're in, and that number of hours is sufficient that the event is not "tomorrow". Or I'm up way too late and not thinking clearly :)