It’s been some time since anyone attempted to hack this blog, but this past week we’ve weathered (successfully, we should add) two separate attacks. Granted, they came from the same person, who was apparently quite determined to find a vulnerability.
As it happens, the hacker wound up telling us more about himself than he intended to—probably not the outcome he had in mind.
Who would want to hack us?
Lots of people, to be honest.
For example, our friend Cat Scot has been huffing and puffing and threatening to blow our house down for the past several days. In fact, we can think of quite a number of people who don’t appreciate us. We think we’re pretty nice people, but that opinion isn’t shared by everyone.
However, only one has directly threatened to hack the blog in the past few weeks.
Remember that wacky Pizzagate group we covered a couple of weeks back? If you recall, several of them became quite upset and paranoid when a non-believer joined their group and began talking to one of their members about the foolishness of claiming people were paedophiles without proof.
One group member, John May, seems to have become more upset than most: before banning the dissenter, he did a bunch of posturing about how he could pay $200 to have a website hacked, and we should watch out, etc.
He really, really doesn’t like us, though he seems a bit confused about who we are. Apparently we work for the Queen:
And we’re also Russian hackers:
(Nice that he likes our “expert journalism”, though. Thanks, John!)
He seems to fancy himself a bit of a hacker, too:
But, judging by the way he tried to break into the blog, he’s not always smart enough to turn on his VPN.
At least, he seems to have forgotten it when he used Arachni (a public-source web application security scanner) to run shell scripts in the Comments and Contact Us sections of the blog, in two failed attempts to probe for security weaknesses.
Or perhaps he thought we wouldn’t notice nearly 900 pieces of comment spam from the same IP address?
When we had a look at this IP address, here’s what we found:
It’s a static IP, which means that it’s specifically assigned by the user’s ISP (internet service provider), as opposed to a dynamic IP, which is handed out from whichever addresses are free in the ISP’s pool.
In other words, it can only belong to one account. That account belongs to someone in West Memphis, Arkansas.
And funnily enough, guess who lives in Arkansas?
Now, we happen to know (because we looked it up) that John’s ISP, AT&T, takes a rather dim view of hackers using their service to attack other sites online.
So if John suddenly finds his ability to muck around on the dark web has been severely curtailed, he’ll know exactly why.