We all fear it. No matter how much trouble you go to, the fact is, if your computer is connected to the Internet, you are vulnerable. It is possible that it can be compromised by someone who either wants at your data or has too much time on their hands. Unfortunately for the team over at phpfog.com, it was the latter that caused them problems. Teenagers with nothing better to do decided to see what mischief they could cause and one of them seems to have stumbled into a whole pile of it.
To their credit, the phpfog.com team did what they should do. They shut everything down, wiped and reinstalled everything, checked everything, and then brought everything on-line. Then they fessed up to exactly what happened, how it happened, and what they have done to make sure it won’t happen again. Yesterday, Lucas Carlson, founder and CEO of phpfog.com, posted a very detailed analysis of the weekend’s activities including timelines, attack vectors, and even a chat log with the little bugger that caused all the trouble. Here’s a little sample.
It was a dark and stormy night in Queensland, Australia. Elliot, a 16 year old student, should have been preparing for his final exams on Monday. Instead he was in a race with John, a 16 year old student living in New York, and “turby” to deface the PHP Fog site the fastest.
Lucas goes on to tell the entire story in great detail. He takes the time to thank the PHP community for their support and for not reacting as he had supposed, with ridicule and mocking. The comments, interestingly enough, start with a comment from one of the involved parties and the discussion is quite lively.
Not all members of the PHP community have given phpfog.com a pass. Raphael Dohms tweeted about the matter saying “Beta or no Beta, the @PHPFog team made sum vry bad calls w/ unsecure servers, the “kids” wr wrong, but its irresponsible 2 go live like that”.
All in all, the post is an interesting read and a cautionary tale for any hosting startup. Take 10 minutes, read it over and if you like, drop them a comment.