“Castle Garden Landing for Emigrants, Barge Office, Battery” published by Charles Magnus & Company (New York, NY)

Needhamia Emigrates to a New Needhamia.com

Due to an attack on the old, out-of-date Needhamia.com web site, I’ve rebuilt the site on a modern host, rebuilding from LibreOffice files of the old posts to avoid transferring any infection from the old site.

The longer story

I created the old needhamia.com in 2014. The web provider has considered that site “legacy” for several years. Unfortunately, that status meant the site became vulnerable to attack due to obsolete versions of software: 3 times in the past few years the old needhamia.com was compromised, usually by modifications to its .htaccess file, among other things. I finally got fed up with the attacks and decided to create a new, modern site. To avoid reinfection, I’m not doing a simple backup of the old site and restore to the new one.

I suspect that the main vulnerability was that the site was running an obsolete, vulnerable version of PHP that could not be updated because of the age of the host. Fortunately, the new site is bright, shiny new and runs the latest software.

Evidence of Infection

With the first and third infections, I received a helpful note from GoDaddy’s security arm, telling me the nature of the attack. I noticed the second attack before they did, when I did a Google search of my site and found the hits directed me to (ostensibly) a pharma site.

Each infection seemed to be aimed at directing traffic to sales sites, but you can never be sure what the actual purpose was. Once a site is compromised, it can be used for any nefarious purpose.

The infection evidence was:

  • There were FTP accounts that I didn’t create. These accounts can be used to change anything on the site.
  • The main .htaccess file had been modified to return pointers to other sites, but only when a major search engine was making the web query. For normal access, you wouldn’t notice the infection.
  • Several obfuscated PHP files had been created, which used random English words as variables for tiny fragments of code, so that a virus scanner would not see the virus’s signature.
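
The .htaccess symptom is the easiest of these to check for mechanically. The Python below is an added example, not code from the original post: it flags any RewriteRule that redirects to a foreign host only when the preceding RewriteCond lines test the User-Agent or Referer for search-engine names. The sample .htaccess text, the list of engine names and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample for illustration; not recovered from the compromised site.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC,OR]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]
RewriteRule ^(.*)$ http://pharma.example.invalid/$1 [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""

# Assumed, non-exhaustive list of crawler / search-referrer name fragments.
ENGINES = re.compile(r"google|bing|yahoo|yandex|baidu|duckduck|slurp", re.I)
COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_USER_AGENT|HTTP_REFERER)\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)


def find_cloaked_redirects(text, own_hosts=()):
    """Return (line_no, target, variables) for every RewriteRule that sends
    requests to a foreign host only when preceding RewriteCond lines test the
    User-Agent or Referer against search-engine names."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comments never take effect
        cond = COND.match(line)
        if cond:
            if ENGINES.search(cond.group(2)):
                pending.append(cond.group(1).upper())
            continue
        rule = RULE.match(line)
        if not rule:
            continue  # unrelated directive; conditions stay attached
        target = rule.group(1)
        host = urlsplit(target).hostname if re.match(r"https?://", target, re.I) else None
        if pending and host and host not in own:
            findings.append((line_no, target, pending))
        pending = []  # RewriteCond applies only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for line_no, target, variables in find_cloaked_redirects(SAMPLE_HTACCESS):
        print(f"line {line_no}: {'/'.join(variables)} -> {target}")
```

Pass the site's own hostnames as `own_hosts` so legitimate canonical-host redirects are not reported.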

Now that the old Needhamia.com host has been deleted, all that’s gone, and the Nation of Needhamia looks to a bright, new future.

Featured Image: “Castle Garden Landing for Emigrants, Barge Office, Battery” published by Charles Magnus & Company (New York, NY). Public Domain, courtesy of the New York Metropolitan Museum of Art.