O Canada! – or – frgdr.com Just Got Base64’ed, Again!

Warning: This post is quite technical and might only be interesting to true geeks.

[singlepic id=313 w=320 h=240 float=right]Yesterday I found out frgdr.com was injected with malicious code which redirected some visitors to discount-canadian-medshop.com, an e-commerce website selling pharmaceutical drugs (read: Cialis). This was a particularly conniving hack as only some posts were affected, making it harder to detect anything was wrong. If you are interested in such details, after the jump is a summary of the incident.
Continue reading O Canada! – or – frgdr.com Just Got Base64’ed, Again!

Back in Business

“Reports that say something hasn’t happened are interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know.”
  – – Donald Rumsfeld, US Secretary of Defense, 2002

Update: frgdr.com was base64’d a second time on May 12, 2010. New insights at the bottom of this post.

[singlepic id=270 w=320 h=240 float=right]A few hours ago frgdr.com was injected with malicious code which redirected every visitor to a website that tries to trick people into downloading a fake antivirus program. Everything is fine now. If you are interested in such details after the jump is a summary of the incident, including why my hosting provider GoDaddy is awesome.
Continue reading Back in Business

Web 2.0 and Jerusalem Snow Alerts

Jerusalem is expecting significant snowfall this coming Tuesday evening, and so the director of the Naggar School of Art, a client of mine, has asked for my advice on how to instantly update the school website so that students will know if there will be any classes Wednesday morning.
Good thing Web 2.0 was around to help us out: the Internet in its current phase enables different services to interface, that is exchange data with each other, and that allowed me to make one school director very happy, as he is now able to text snow status updates from his cellphone, allowing the students to receive automatic updates by SMS, RSS, or by simply visiting the school website.

Here is a cool video explaining Web 2.0. You may need to watch it a couple of times to absorb all the information:

The CommonCraft Show has great videos explaining different aspects of Web 2.0 in plain English, so anyone (Yes, even your mother) can understand.

If you want to find Shahar Golan / frgdr.com around Web 2.0 you can read his FAQ here.

Why frgdr.com Changed Its Hosting Provider from Yahoo to GoDaddy

Warning, GEEKY POST! Move on, folks, nothing to see here!
Unlike my regular posts about life, liberty and the pursuit of decent hummus, this is a pretty rare post intended for the technically savvy only, so do not bore yourself if webmastering is not your cup of tea. Read some other stuff here.

Okay, now the fact that you can actually read this post means that I was successful in changing a hosting provider from Yahoo.com to GoDaddy.com and I will discuss my reasons here:

When I first registered my website on August 2005 I wanted to host it with a company that:
1. Is recognized and respected and would not vanish after a couple of months
2. Has a large clientele thus its customer support would be good.
3. Is located outside Israel for security reasons (both cyber-attacks and actual real-life attacks)
4. Would offer a good value for its price.
For all these reasons I chose Yahoo Hosting Starter plan: US$12/month. 5GB disk space, 200GB data transfer.

I gradually became disillusioned with Yahoo, but it took quite a bit of time. It seemed the more I knew of the company – the less I liked my decision to work with them. The reasons to leave Yahoo started piling up:
1. A couple of months after I launched my website, I wanted to configure .htaccess to stop unruly bots from accessing it. This is when I learned that Yahoo does not allow its customers to configure that, amongst many other advanced features disabled by Yahoo.
2. To get a straight ‘No, we don’t provide it’ answer about .htaccess took the Yahoo customer support no less than two days and three emails, as the offshore employees are forced to reply using scripted answers. I have posted the whole torture-through-emails correspondence as a follow-up to this post – make sure you read it as it is well worth your time.
3. Yahoo’s over-zealous cooperation with the Chinese government became clearer as the number of human rights violations facilitated by its branches grew.
4. In May 2007 I launched a blog, only to find out Yahoo provides a crippled and outdated version of WordPress, with no easy way to upgrade it.
5. I became acquainted with GoDaddy when a client of mine needed me to design a website for him and he had already had a GoDaddy account. When I needed some DNS-related help and emailed GoDaddy’s customer support department, I was amazed at how fast the reply came (just a couple of hours later), how human it sounded and how helpful and accurate it was. That got me thinking why the heck am I paying four times as much as the equivalent GoDaddy Economy Plan costs: US$4/month. 5GB disk space, 250GB data transfer.
A couple of months later when I inquired about transferring my own website to GoDaddy.com, the answers were just as fast, just as accurate.
6. The straw that broke the camel’s back was a recent event when for three weeks thousand of websites (including mine) were down, producing on-again-off-again Error 500s. The good people at Yahoo were gracious enough to tell me they are ‘aware of it’ – but did not elaborate on the cause for the incident or their estimated time to fix the problem. Also, once the problem was fixed no notification was sent from Yahoo and no restitution was offered.

So now frgdr.com is happily hosted here, and hopefully this is a beginning of a beautiful partnership. We have upgraded to the latest WordPress version, started using web2.0 folksonomy tags, and are in a good mood for further site improvements.

…And now back to your previously scheduled blogging.