When you move IP, move all the IPs

I recently moved the server hosting this site and my photoblog to a new Linode. About time too as the old one was full of cruft built up over a decade of upgrades. It had finally reached the point where I had trouble finding new dpkg files for software that wasn’t as ancient as my installation. Updates would stop in the next year or two as well, which was a huge problem.

When I did move, I pointed the DNS at my new server and all seemed fine. That is, until I saw an email from Google on Friday saying a new user had been added to the search console for www.inphotos.org!

I don’t use the www hostname on any of my sites, and didn’t actually have a search console property set up on that site. I don’t remember now if I had to create one, but when I eventually logged into it, I found an “Ian Trader” already in there. He was a validated user, too.

He had been allocated the IP address of my old server. He saw that www.inphotos.org still pointed at it and asked Google to validate his ownership by uploading an HTML file to his server.

A screenshot from the Google search console showing the ownership verification details of the attacker who created a validated account on www.inphotos.org
A screenshot of my browser showing the validation file the attacker used to gain access to the search console for www.inphotos.org

Yikes! Quick as I could, I checked the DNS and found that yes, www.inphotos.org was still pointing at my old IP address! Damn.

Fixing it was fairly easy, I thought. I removed that user, and removed the www hostname.

However, Ian had one more trick up his sleeve. He had put a sitemap on www.inphotos.org, and it led to 129,864 fake links that Google could not index.

Screenshot of the "page indexing problems" chart from Google Search Console showing 129,984 problematic pages since last Wednesday.

It looks like he was setting up a malware server with the names of books on each page:

/c/pdf/upload?PUB=new_apostolic_church_hymn_collection_songs&blackhole=017
/c/pub/go?EPUB=hawker_battery_charging_instruction_manual&daily=034
/c/pub/list?BOOK=a_shade_of_vampire_7_a_break_of_day&dua=047
/c/pub/list?EPUB=ib_vietnamese_past_paper_2013&monument=094
/c/pub/list?PDF=lowepro_user_manual&codevember=001
/c/pub/list?PDF=suzuki_swift_owners_manual_2009&bubbley=087
/c/pub/upload?PUB=caravaggio_ediz_illustrata&particles=015
/c/pub/upload?PUB=mi5_and_me_a_coronet_among_the_spooks&sassy=021
/c/pub/url?BOOK=radiation_detection_and_measurement_solutions_manual&delapan=081
/c/pub/visit?EBOOK=mercruiser_hp_engine_manual&daily=009
/d/book/data?PUB=gossie_and_gertie_gossie_friends&particle=016
/d/book/file?DOC=engine_repair_manual_for_f550&dribbble=005

I fixed those with some simple mod_rewrite rules, so visiting those URLs should take you back to the homepage. Google is validating my fix now. Besides, that fake sitemap is gone, so I expect Google to forget about them soon, I hope.

So, when you’re moving websites around, make sure you update all the DNS records for your sites. I may not have noticed for a good while if he had set up the redirect scripts on his server correctly and hadn’t gone into the search console.
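
The audit the paragraph above recommends, as an added example that is not from the original post: it reads a zone export and lists every hostname that still reaches an address you have given up, including names that get there through a CNAME. The zone, the addresses (documentation ranges) and the function names are constructed for illustration, and the parser assumes one "name TTL IN type value" record per line.

```python
import ipaddress

# Constructed zone export (name, TTL, class, type, value); documentation addresses only.
ZONE = """\
$ORIGIN example.org.
@       3600 IN A     203.0.113.20   ; new server
www     3600 IN A     198.51.100.7   ; forgotten: still the old server
photos  3600 IN CNAME www
blog    3600 IN CNAME @
old     3600 IN AAAA  2001:db8::7
"""
RELEASED = ["198.51.100.7", "2001:db8:0:0:0:0:0:7"]  # addresses handed back to the provider

def parse_zone(text):
    """Map each fully qualified name to its (type, value) A/AAAA/CNAME records."""
    origin, records = "", {}

    def qualify(name):
        name = name.lower()
        if name == "@":
            return origin
        return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 2 and fields[0] == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
        elif len(fields) == 5 and fields[3] in ("A", "AAAA", "CNAME"):
            value = qualify(fields[4]) if fields[3] == "CNAME" else fields[4]
            records.setdefault(qualify(fields[0]), []).append((fields[3], value))
    return records

def stale_hosts(zone_text, released_ips):
    """Return {hostname: [released addresses it still reaches]}, following in-zone CNAMEs."""
    released = {ipaddress.ip_address(ip) for ip in released_ips}
    records, findings = parse_zone(zone_text), {}
    for host in records:
        name, seen = host, set()
        while name not in seen:  # guard against CNAME loops
            seen.add(name)
            targets = [v for t, v in records.get(name, []) if t == "CNAME"]
            if not targets:
                break
            name = targets[0]
        addrs = {ipaddress.ip_address(v) for t, v in records.get(name, []) if t != "CNAME"}
        hits = sorted(str(a) for a in addrs & released)  # compares parsed addresses, not strings
        if hits:
            findings[host] = hits
    return findings
```

Calling stale_hosts(ZONE, RELEASED) flags www, photos (through its CNAME to www) and old, while the apex and blog, which already point at the new server, are left alone.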

The Joy of Books

This video reminds me of that feeling, walking into Waterstones or another book shop, of the worlds waiting to be discovered on the bookshelves lining the walls and in the “3 for 2” piles of books displayed near the door.

I love reading, but I’ve hardly read a paperback in over 18 months. When you’ve found a great book it doesn’t matter what format the story is in. I do miss the book shop ritual though.

From one of the comments on that video:

I read, share, discuss, donate, gift and love my ebooks. So should you. Don’t hate only the latest incarnation of books. I imagine scroll-fetishists thought that bound folios were the work of the devil. Sigh.

(via Kathy Foley)