I don’t host any of my sites, except for git.vlinder.ca, myself: my Internet connection isn’t reliable enough, power outages are too frequent, and it’s basically too much of a hassle. So, my sites are hosted by a professional hosting service and that service is responsible for the security of those sites. How annoying is it, then, when three of those sites get cracked through the FTP server?
A few days ago, a friend of mine told me that this blog had been cracked. Sure enough, there was an image of a large eagle on the site, and some annoying tripe about that being a service to the wider community. If you want to serve the community, you can tell the owner of a site that you’ve been able to get into their FTP server and, as a proof, leave a file – and then E-mail the server’s administrators to say what you’ve done and where to find the proof. That way, there’s no harm done and everybody has a better Internet at the end of the day.
De-facing a personal blog of an embedded systems programmer, the site of a fledgling consultancy (Vlinder Software), the website of a gang of squirrel-loving gamers and the website of a farm is hardly a service to the community: that’s just being annoying.
Granted, they didn’t wreak any real havoc on any of the three sites: they only dumped an index.html file in the root directories. It’s annoying anyway.