Here are the videos uploaded in YouTube by our former Deaf Trainor Ma’am Tina Malay, a Gallaudet alumna. It’s about the visit of Davin Searls to the old building of MCCID College of Technology in Cubao. Davin is the Executive Director of Discovering Deaf Worlds (DDW) and had an interview with Sir Ervin Reyes. Enjoy! 🙂
Ma’am guided Davin Searls to visit the old building of MCCID College of Technology in Cubao. He is Executive Director of Discovering Deaf Worlds (DDW) and had interview with Sir Ervin.
Ma’am Tina guided Davin to meet Mr. & Mrs. Esposa at the Registrar’s Office. Ma’am Beth volunteered to interpret the conversation between Mr. & Mrs. Esposa and Davin.
Let’s put off my deaf advocacy hat here temporarily and put on my web designing hat in order to give you the technical details of what happened. After arriving from an appointment the whole day last Monday (November 21), I was very much surprised when our Deaf Trainor Sir Jerome approached me and gave me the shocking news that our school’s official website “www.mccid.edu.ph” was hacked!
As he was demo-teaching Internet subject that morning and used our school’s site as his example, he clicked on a page link. He got stunned when a porno site appeared! His students were also surprised and resorted to teasing him assuming that he is fond of opening these sites. When he clicked on the back button, the home page appears unchanged. Again, when he tried to visit another internal link, same thing happened! That disgusting porn site appeared again and again! He felt so humiliated about it. But when he gave me the bad news, I took it as an emergency case.
I have experienced before having websites I designed being hacked by malicious people who have nothing more to do than take glory in destroying other people’s reputation. The first one was with a website I designed being defaced. The other was the Official Government Website being turned into an Middle Eastern Propaganda site. This is the third one .
I took things calmly and tried to make some sense out of the flimsy belief that WordPress sites are difficult to hack. Well these bastards have done it again! Here are the things I did.
First I tried looking at the codes to see if they actually changed the href tag. They didn’t! WordPress uses php functions to control the links.
Then I tried checking the site’s files/folders using ftp to see if there are suspicious files added. There weren’t.
Probably there is a vulnerability in having an outdated WordPress version (3.1.1) so I updated to 3.2.1. Again, the site still redirects to a porn site.
I tried checking on the Permalinks. On the left menu, I clicked on Permalinks under Settings group. Then I selected the default setting format. It worked! The posts went back to their original content although the permalink was changed. Also, the changes only affected the posts, but not the pages.
So I looked for plugins that changes the Permalink settings by adding .html or .php on URL and not just the common one. I did find two; the .html on Pages and the Improved Page Permalinks. It didn’t work. It didn’t even change the sites in-links.
I also tried the Exploit Scanner plugin to view some weak links. But it also produced negative result. I simply cannot find the culprit.
So my last resort is to do what I similarly did with the government website, I need to re-install WordPress. But I gave myself another crack at it. I noticed that when I used Filezilla to view the file directory, all of the WordPress files dates were modified on November 21, the day I updated the version, except for .htaccess file. My doubts became more apparent when I saw the date created was 11/19/2011, which was just fairly recent. That’s most likely the date the malicious person penetrated my site.
To erase my suspicion, I opened the .htaccess file and bam! The file content was compromised! Instead of 401 code File not Found, the malicious hacker changed it to his own porno site. According to Wikipedia,
A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
The original purpose of .htaccess – reflected in its name – was to allow per-directory access control, by for example requiring a password to access the content. Nowadays however, the .htaccess files can override many other configuration settings including content type and character set, CGI handlers, etc.
So this is the one that overridden our school’s website. When I opened the file, the porno site URL appears!
The same thing happened to the WordPress .htaccess file. It overridden the file with its own. It even removed the WordPress built-in codes.
Now, how do we solve these problems from cropping up again? The answer is, NONE. So long as there are mischievous, good-for-nothing guys out there whose main goal is to destroy others business, the hacking remains. But you can help minimize the intrusion by doing these simple suggestions:
BACK UP, BACK UP, BACK UP OFTEN – WordPress developers have created plugins to automatically backup your database. My favorite is WordPress Database Backup by Austin Matzko. But nothing beats the old ftp back up style which you all web developers are used to. In this case, I simply deleted the .htaccess file and re-copied the back up one.
Don’t use .htaccess on your main server folder. Hackers usually look for this file as one of the common way to enter your fortress.
Since WordPress makes good use of .htaccess file, make sure that the file attribute is set to 444. This means it can only be read but not written.
Always update your WordPress CMS version. Remember that these malicious guys often attack softwares that are popular and has widespread use. Think about Windows OS as against Apple OS. WorPress is now the most used CMS in the world. Hackers often race themselves in how to crack its codes in order to make them feel satisfied in penetrating the top and the best. But I’m pretty sure the WordPress good guys are doing overtime to make our sites safe.
Consider this as a learning experience and a time for you to brush up your web designing skills. I have been pre-occupied lately by activities related to the deaf community so I don’t update my sites as often as I used to. So I took this situation as an opportunity to review my web design lessons. 🙂
On September 12th, approximately 150 deaf people marched to the House of Representatives in the Philippines to push for the passage of two bills mandating the use of sign language in court (HB4631) and on televised news programs (HB 4121). Many of the people who marched were members of the Philippine Deaf Resource Center. The Center gathered over 100,000 signatures calling for the enactment of the bills. The Center expressed in a letter to the House Speaker, Feliciano Belmonte, Jr., that the “120,000 documented deaf … Filipinos will definitely benefit from such practices, making it possible for [the deaf] to [comprehend] timely and relevant information.”
Currently, major news programs in the capital city, Manila, do not use subtitles or sign language insets. According to the Center, “although some regional stations have started utilizing sign language insets with the help of non-government organizations, this practice is unfortunately not carried out by their mother stations.” Lawmakers also cited data from the Center that demonstrated a need for interpreters during investigative and judicial proceedings due to the high incidence of criminal cases that involve deaf persons. The authors of the bill also stated that it is the responsibility of the State to provide interpreters during any government proceedings including police investigations and court or public hearings.
1. Deaf People March to Demand Sign Language in Courts, TV News, Disability News Asia, Sept. 15, 2011, available at http://www.gmanews.tv/story/ 232189/deaf-people-march-to-demand-sign-language-in-courts-tv-news