pquirk.com gets hacked

So, an interesting thing happened a couple of days ago: I got a notification on my WordPress phone app about some failed login attempts at my blog. Since the blog runs on my own server, on open source software that I installed, I get access to everything that happens. Every error log is captured, saved, and eventually archived.

How do I know it was a hacker? First of all, there is no obvious link to an admin login from my main page. If I wanted someone else to create a post on my blog, I would send them the link. Since this is a personal blog, I’m the only one who would ever log into it, and since I use a secure password manager from a secure device, I never have a failed login. So, when I check my activity log using a secure app on my phone and see a lot of failed login attempts, I look a little closer. When I see user names like jake, admin, teste, qwerty, user1, pquirk, and paul being used to access my blog over and over again, I know that something’s up.

Each attempt captures the IP address of the person attempting to hack my website. Using a utility called whois, I can find out information about this IP address: who owns it, with full contact information. So jake failed from 123.16.70.105, which resolves to Pham Tien Huy of the Vietnam Posts and Telecommunications Group from Ha Noi City. The next IP address used was 14.232.111.13, which also resolves to the Vietnam Posts and Telecommunications Group, also owned by Pham Tien Huy. Each attempt was from a different IP address, all resolving back to Vietnam. Odds are not very good that different people from Vietnam are attempting to hack into my blog; rather, this is probably one individual using either a VPN or proxy server.

I do have options in the event of getting hacked. I could contact Pham Tien Huy with the time, date, and IP address, and that person would tell me the IP address of the person who connected; in effect, trace it back to its origin, and then I could get that internet provider to provide me with details of who used the originating IP address at that time, then I could take action against that person, as nobody is truly anonymous on the Internet. That’s more work than I care to do right now, so another strategy I could employ is to block them with my firewall. Since whois gives me the entire range of IP addresses that this came from, and since it’s unlikely anyone from Vietnam would ever read my blog, I could block that range of IP addresses; say, 14.244.0.0 – 14.255.255.255, with the “ufw deny” command. However, I don’t feel the need to do that either. This blog, and my web site, are hosted on a Linux server that exists for real in my basement. It’s locked down with the latest security updates and strong password encryption. In a worst-case scenario, I can pull the plug, re-load from my daily backup, and be back up and running within minutes. I confess to actually getting some amusement scrolling through my logs to see this loser waste time in his (or her) pathetic life trying to hack my little insignificant blog. The only time my site goes down is if there’s a power outage in my area, or when I need to reboot after installing the latest security updates.
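
An added example (not from the original post): ufw takes CIDR blocks rather than a start-to-end range, so this Python code converts the range quoted above into CIDR, renders the `ufw deny from` commands, and reports which logged sources the block would not stop. The log format and sample lines are constructed for illustration; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the log format is an assumption, not a real plugin's.
SAMPLE_LOG = """\
2000-01-01T03:14:07Z login_failed user=jake ip=123.16.70.105
2000-01-01T03:14:19Z login_failed user=admin ip=14.232.111.13
2000-01-01T03:14:31Z login_failed user=teste ip=14.232.111.13
2000-01-01T03:14:40Z login_ok user=owner ip=192.0.2.10
2000-01-01T03:14:52Z login_failed user=qwerty ip=not-an-ip
"""
LINE_RE = re.compile(r"\blogin_failed\b.*?\bip=(\S+)")


def failed_logins_by_ip(log_text):
    """Count failed logins per source address, skipping malformed addresses."""
    counts = Counter()
    for m in LINE_RE.finditer(log_text):
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # the field is attacker-influenced; drop what does not parse
    return counts


def range_to_cidrs(first, last):
    """Collapse an inclusive whois-style range into the minimal CIDR list."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def ufw_commands(cidrs):
    """Render one 'ufw deny from' command per CIDR block."""
    return [f"ufw deny from {net}" for net in cidrs]


def uncovered_sources(counts, cidrs):
    """Return logged sources that the proposed block list would NOT stop."""
    return sorted(str(ip) for ip in counts
                  if not any(ip in net for net in cidrs))


if __name__ == "__main__":
    blocks = range_to_cidrs("14.244.0.0", "14.255.255.255")
    print("\n".join(ufw_commands(blocks)))
    print("not covered:", uncovered_sources(failed_logins_by_ip(SAMPLE_LOG), blocks))
```

ufw matches rules in order, so on a server that already allows ports 80/443 the deny has to come before that allow rule, for example with `ufw insert 1 deny from 14.244.0.0/14`.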

I do wonder, what kind of pathetic loser would try to hack a site like this? Then I realize that the truths I post are going to be offensive to those who profit from ignorance and censorship. The kind of person who has multiple fake Facebook accounts created from these multiple fake IP addresses so they can game Facebook’s heavy handed censorship policy by having them all report an “Offensive” post so a person can be censored. Except this time, it’s different. This time, their complaints would have to go to me. Of course, they would never air their grievance with me, because, deep down inside, they know that I’m right, that I speak the truth, and they’re a weasel who can only use underhanded tactics to silence me, and so that’s what they resort to. This motivates me to continue with this, to write candidly and openly about things that matter. Facebook’s fired. This is the home for my speech, and I won’t be silenced by some pathetic loser.


5 Replies to “pquirk.com gets hacked”

  1. Paul, I’m impressed you run your own server, and know how to set it up and do the maintenance to keep it secure. Cool!

    And it can indeed be nice to have the content at your own site; a place where you clearly are the owner of the content, keep control and decide what can be written or not, only limited by laws and your own ethical etc judgement. When you run it on your own server, you have also omitted any limitation the web hotel may have stated.

    1. Thanks, Henrik! I always envisioned a future where each individual connected to the Internet would have a computer or computing device that would serve as their place to share whatever they wanted, and if you disagreed with them, you simply wouldn’t go to their site…not this centralized crap where everybody is pushed together and are reporting on people whom they disagree with.

  2. This person tried to hack my personal e-mail a day ago. That is how I came to your blog. I only use this e-mail for like 5 websites and to occasionally e-mail someone. I don’t have anything on there of importance and I don’t understand why this Pham Tien Huy would want access to my e-mail. Btw I’m 19 and still in school so he can’t even get access to anything like company stuff or anything.

  3. Hey, last week some person tried to hack my Google account and I took their IP address and used the same website and it was also that Pham Tien guy. I know this happened a while ago for you but I was just wondering if you ended up doing anything like calling up the phone number you got or anything more because I’m just shocked that I find someone else that has the same hacker as me and that they are still doing it.

  4. Guys, be smarter!! He is not a hacker. He is the one from an ISP in VN who registered that IP range. Someone from VN tried an HTTP flood attack on your sites. It’s a basic attack that most developers can do with just a few lines of code.

    Tracing an IP on the internet is so simple and does not give much information to you guys. Pham Tien Huy is just a registrant for the ISP; you need to contact the ISP administrators or the government to get the real source, which I don’t think you guys can do.

    Even attacking via a free proxy or a hacked proxy is not too hard either. Do you think you can trace them??

    Rather than tracing every attack, why not just block HTTP flood attacks or add a rate limit to your site/API??

    Be smart 🙂
