I Got Hacked, Part 2

Getting hacked has been a tiring but rewarding experience. Absurd, yes?

Let me explain. I have spent my entire adult life learning how to be more responsible for myself, my stuff, my projects and my people. Responsibility frees me. No longer am I beholden to others. I am also no longer beholden to my own fears.

Responsibility entails knowledge and a willingness to act on that knowledge.

When I got hacked, I realized I had done something very, very, very stupid.

WordPress is a web-based system that runs through a web database system called MySQL. Structured Query Language (SQL) is a relational-database language (data in one field can be related to data in another field through a relationship) that is about 45 years old. Without SQL (and PHP, but that’s another discussion), WordPress would be unable to save posts and pages and comments.

It would be like a car without an engine.

I run WordPress myself (as opposed to wordpress.com). That means I have access to the MySQL databases attached to my WordPress files.

The gold standard for web security with regard to WordPress (and any website running SQL) is to have one username per website per SQL database. That means the database attached to jaysennett.com should have one username (call it user1); the database attached to homofactuspress.com should have a second, different username (call it user2); and so on, for all my domains.

Why should this be the gold standard?

If a hacker gains access to the database information (which is quite easy to do, actually, since that information is contained in the configuration file that runs WordPress), they can only vandalize/hijack one website.
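As an added example (not part of the original post), this Python sketch reads the database settings out of several WordPress configuration files, reports any database username reused across sites, and prints the MySQL statements that would give each site its own account. The database names, the `wp_shared` account, the `third-site.example` domain and the same-host `'localhost'` account scope are assumptions made up for the illustration; `DB_PASSWORD` is deliberately never read.

```python
import re
from collections import defaultdict

# define('DB_USER', 'value'); with either quote style, as in wp-config.php.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER|DB_HOST)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

def parse_wp_config(text):
    """Return the DB_* constants of one wp-config.php, skipping comment lines."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # a commented-out define() is not the live credential
        found.update(DEFINE_RE.findall(line))
    return found

def shared_db_users(configs):
    """Map each (DB_HOST, DB_USER) used by more than one site to those sites."""
    by_user = defaultdict(list)
    for site, text in configs.items():
        cfg = parse_wp_config(text)
        if "DB_USER" in cfg:
            by_user[(cfg.get("DB_HOST", "localhost"), cfg["DB_USER"])].append(site)
    return {key: sorted(sites) for key, sites in by_user.items() if len(sites) > 1}

def remediation_sql(configs):
    """One dedicated account per site, granted on that site's database only."""
    stmts = []
    for n, site in enumerate(sorted(configs), start=1):
        db = parse_wp_config(configs[site])["DB_NAME"]
        # user1, user2, ... follow the post's naming; passwords are placeholders.
        stmts.append(f"CREATE USER 'user{n}'@'localhost' IDENTIFIED BY '<unique-password-{n}>';")
        stmts.append(f"GRANT ALL PRIVILEGES ON `{db}`.* TO 'user{n}'@'localhost';")
    return stmts

def _cfg(db_name):  # constructed sample wp-config.php body
    return (f"<?php\ndefine('DB_NAME', '{db_name}');\n"
            "define('DB_USER', 'wp_shared');\n"
            "// define('DB_USER', 'old_account');\n"
            "define('DB_HOST', 'localhost');\n")

# Constructed input: three sites, one database each, all using one account.
SAMPLE_CONFIGS = {
    "jaysennett.com": _cfg("jaysennett_wp"),
    "homofactuspress.com": _cfg("homofactus_wp"),
    "third-site.example": _cfg("gallery_wp"),
}

if __name__ == "__main__":
    for (host, user), sites in shared_db_users(SAMPLE_CONFIGS).items():
        print(f"{user}@{host} is shared by: {', '.join(sites)}")
    print("\n".join(remediation_sql(SAMPLE_CONFIGS)))
```

After creating the new accounts, each site's configuration file has to be updated to its own username and password, and the old shared account dropped.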

I’m sure you can see where this is going because that is not what I did. Here’s what I did. Each domain/website had the same username for the database running it. So when they hacked the jaysennett configuration file, they gained access to all three database files.

This is a really, really, really STUPID thing to do. And it is very irresponsible. Not even to my readers, however few they are, but to me! I had wasted my own time and money resources.

I was too smart to know how stupid I was. That’s how stupid I was. But I’m learning and quickly. And the reward has come from becoming responsible for my websites. Websites require responsibility. I’m still amazed that I even have to write such a sentence. Everyone knows houses require responsibility. But websites?

Yes, the website will require maintenance. Yes, security is something you will be responsible for. Yes, having a website is a responsibility.

The Impacts of a Hacked Website, Tony Perez, Sucuri Co-Founder/CEO

Are you a responsible website owner? Do you have security style?

I Got Hacked

Do you have security style? I don’t.

Late last week I discovered my personal site here had been hacked. Because I am the dumbest website administrator ever, the hackers were then able to gain access to the site at Homofactus Press and the site at Transgender Cartoon Gallery. Homofactus Press and Transgender Cartoon Gallery were defaced.

Defacing is electronic vandalism. They destroyed image folders and my theme at Homofactus Press, and essentially destroyed every entry at Transgender Cartoon Gallery.

My personal site got hijacked by spammers sending links to bogus Tiffany websites.

I thought I could take care of it myself; clean out the infected files and restore the vandalized sites through backups I had. Which I did. Then the hacks got worse. I lost sleep and time. During one 24-hour period I slept only 20 minutes.

But I gained a sense of how important website security is. Without good security, I had treated my websites as if they were homes in which I left all the doors and windows unlocked. Maybe I locked a window or two and an occasional door. Sure. The net result was still the same, though. Open windows and doors are still open, even when two others are closed.

I had three websites which were vulnerable in toto. I was not responsible for my websites. In fact, I was completely irresponsible.

As a writer, I care deeply about how I archive my work. Backups ensure there will always be a copy of my work available to me. I care about my money and watch how I spend it. Financial responsibility gives me time freedom, something very important to me as a creative person. Marketing my brand is also important to me.

Website security? Not so much. The sad fact remains I had no security style. None. I simply did not care enough about my websites – and the hours and hours and hours of time and money I invested in them – to do the right thing for myself.

To be continued.

Toni Morrison & Angela Davis – The Purpose of Freedom

Toni Morrison and Angela Davis

I am reminded of the tremendous work Morrison accomplished as an editor at Random House. During her tenure she published Toni Cade Bambara and Angela Davis.

“I tell my students, ‘When you get these jobs that you have been so brilliantly trained for, just remember that your real job is that if you are free, you need to free somebody else. If you have some power, then your job is to empower somebody else. This is not just a grab-bag candy game.’”

Twenty-Five Cent Words

Reviewing another writer’s work is a great responsibility. One of the greatest ones, I think, is my responsibility as a reviewer to understand what a writer is trying to say and how they are trying to say it. Need I say that whether I like the work or not is irrelevant? I’m not sure I like Mrs. Dalloway by Virginia Woolf. That it is a work of genius I have no doubt.

Some writers use multisyllabic words (i.e. twenty-five cent words) in their prose. Others do not. But I take it as an article of faith that if a writer uses a twenty-five cent word, or, god forbid, a fifty-cent word, they do so for very good reasons. As a reviewer

Thus the responsibility as a reviewer falls to me to look the word up in the dictionary. A review comment that goes “you use twenty-five cent words when ten-cent words will do” smacks of a horribly lazy kind of anti-intellectual arrogance. Words contain both rhythm and meaning. In the case of verbs, our English language contains words with tremendous nuance. A character can gallop, prance, traipse and slink. Each word conveys a different meaning, far richer than walked like a horse, walk with high, springy steps, to walk around aimlessly yet seemingly with purpose and to walk furtively.

As a reader, I take no offense when an author uses a word I don’t know. If I’m feeling ambitious, I’ll look it up while reading. If not, I’ll note it and review the definition at a later time. I never feel that the author has somehow broken some secret covenant with me that says the author shall never remind me that I don’t know everything. Nor do I feel the author lords her intelligence over me when she uses a word like mendacious.

If a reader refuses to look up a word in the dictionary, as writers that is not our concern. But as reviewers we have an obligation to look up the damn word! When we do, we learn a new word for our own writing; but, more importantly, we come just that much closer to being better reviewers.

A critique that scolds the writer for using words the reviewer doesn’t understand – and is too lazy to look up in the dictionary – says everything about the reviewer and nothing about the writer. Which means the reviewer has not helped the writer at all. I’ve wasted her time because she has had to read my stupid, helpless review.

As writers we are in this big, crazy thing together. Respect should be a given. Part of respect is humility. A writer who refuses to review definitions of unknown words is a writer who has ceased to grow and is now trite.