Today, someone broke into the server on which my “Norwegian weblog”:http://antibiomatika.net/ is hosted. All due to what my host admitted to being a stupid human error — they booted the machine on which the site resides with the wrong kernel (a vulnerable 2.4.18 kernel) and opened themselves up for a root exploit.
I blame Internet Explorer for this problem.
No. You didn’t miss anything: _I blame Microsoft Internet Explorer_ for this problem.
Once more, with feeling: _Internet Explorer is the problem_.
You see, this particular breakin wasn’t done by the average scriptkiddie with a need to deface web sites with his “0wn3d” tag. The breakin was done by someone with an economic motive for breaking in.
On every index.html document on the server (and this being shared hosting, there were quite a few of these), the following code was inserted right after
A friend of mine discovered this, because her computer crashed every time she went to my site, after some porn program had tried to install itself on her computer. If we look at the document referenced in the iframe, it contains:
Tries to install the FCI dialer on nearly every window <it opens.
So, as you see, the people who attempted the breakin on my hosts server had a clear economic incentive to break in and silently altering web pages. And they do know how to hide their tracks. The domains pointed to reside in Latvia, Panama, Russia and Canada, and I wouldn’t be too surprised if the whois information is as fake as a blow-up doll.
So, _I blame Microsoft Internet Explorer for this problem:_ If Internet Explorer hadn’t made users such an easy target for scams, these scumbags wouldn’t have had the same incentive to break in and mass-alter web pages
If this collection of organized criminals were unable to use _a browser_ to hijack someone’s phone line and monitor their habits, the sites involved would never have been a target.
My Norwegian blog is entirely non-commercial, and I discovered the problem within a few hours, so I didn’t loose any money over this, just time and temprament. But, for a small-time Internet business, this could have been a lot worse. Being tainted with having “installed porn” on a users machine might drive customers away on a permanent basis and ruin your reputation.
And I repeat: None of this would have happened if Internet Explorer had been a safe, sandboxed browser to begin with. A web browser has no business whatsoever installing software. _None, never!_