Late yesterday night, I tweeted about my website disappearing into thin air. In case you missed it, here are the tweets:

A good handful of people have been asking me how exactly you “lose” a website (and on a side note, another good handful have taken this opportunity to persuade me to switch to their host, which I’m not going to do), so I decided to outline what hap­pened that caused my website to disappear.

A while back, I signed up for Cloudflare, which is a service webmasters can use to enhance security on their websites. One of the things Cloudflare does is reroute your traffic through their servers, which helps block malicious users. On top of that, Cloudflare gives you the option to store copies of static files on their local servers so data spends less time traveling to visitors and loading times decrease.

One of the downsides of Cloudflare is that it’s not quite easy to set up if you’re not thorougly familiar with your server’s set-up, and once it does get set up, there are a lot of things that you have to change during your normal usage, such as using the “direct” subdomain when accessing ports, and using the “ftp” subdomain when accessing FTP (rather than just using your regular domain name). Each of these individual services must be documented within Cloudflare, and if one of them isn’t properly added in your Cloudflare domain settings, it will not work properly. For example, if the IP address of your web host’s server is not set properly, Cloudflare will not work properly.

Keeping this in mind, and knowing that my web host switched servers, I knew that I would eventually have to change the settings in my Cloudflare domain settings. Trying to prevent any downtime at all, I updated the IP address to that of the new server as soon as possible. Unfortunately, just changing the IP address is not enough for it to continue working properly, and apparently there was something else I had to change that I did not know about. Shortly after updating the IP address, my website went down.

From this point is when I basically “lost” my website.

Seeing as Cloudflare was no longer able to find my website at the provided IP address, it started serving a cached version of my pages and showed an alert that said my website was offline. After fiddling a­round with my domain name settings some more, I had the faint idea that I possibly was not supposed to update my IP address on my own, and that Cloudflare would do it automatically. So, I reverted my changes and switched my IP address back to the old one.

That didn’t work either.

I knew that my website was somewhere on the Internet, but I wasn’t able to find out its IP address so I wasn’t able to figure out where I would go to access it. To make things worse, there’s this thing called DNS cache, where the link between the domain name and the IP address is cached so changes don’t update globally in real-time. Basically, I was forced into a trial-and-error situation, but between each trial I had to wait anywhere between a few minutes to a few hours to figure out if the trial had worked; to make things even worse, if it did not work, I would have no idea if it either was still updating settings, or if it had already failed to work.

At this point, I was getting extremely frustrated, so I removed my website entirely from Cloudflare and started from scratch. I added my domain to my account as if it were my first time using Cloudflare, and went through the initial set-up wizard so Cloudflare could detect my website’s configuration itself.

But that would be too easy.

That’s better.

After Cloudflare successfully alerted me that Cloudflare was offline in a Cloudception-like manner, I raged a little bit, went to the kitchen to get myself a snack, figured out how terrible aged cheese tastes, itched the top of my head a little bit, then came back to see if Cloudflare was back up.

Knowing my luck, you would probably expect me to say “it wasn’t,” but surprisingly, it actually was back up.

I ran the initial set-up wizard again, waited a little under a minute, and got my results. Cloudflare’s con­clu­sion? It couldn’t find my website either. It asked me to finish setting up the configuration myself.

After almost-literally-but-not-quite falling out of my chair, I removed all traces of Cloudflare from my website, changed my nameservers back to those that point directly to my web host, made a face at my laptop screen, then went to sleep. I figured that if I try this hard and still can’t find my website, it can go die of dehydration.

When I checked again this morning, like an abandoned cat making its way back home, my website re­appeared out of nowhere and worked fine. And, like an abandoned cat, I couldn’t really ask it where it had been.

So that basically sums up this story, as well as the story of my life: try really hard to figure something out, epic fail and take a nap or go to sleep in frustration, then notice the next day that there was a pathetically easy solution to the problem and realize that I wasted several hours the previous day.

Based on my experiences from the past few days, I have compiled a list of things that can go wrong while going to your circuit clerk’s office to submit some paperwork.

The first thing that can go wrong is that the receptionist who answers the phone when you call to check business hours has no idea what she is talking about, and tells you that the office is open the day after Christmas, even though Christmas was on a Sunday and the day after Christmas is Christmas Day Observed.

“We are open every week day.”

“Are you sure? Even though this coming Monday is the day after Christmas?”

“We are open every week day.”

“I am going to be very disappointed if you guys are not open.”

“We are open every week day.”

Guess what they were on the day after Christmas?

Closed.

Guess what I was?

Very disappointed.

Earlier today, I stopped by the office for my second attempt. Everything seemed to be going as planned, except for the fact that the circuit clerk’s office is so concerned about security that the only way to communicate with the person with whom you are working is to talk through a five-inch hole in a safety-glass panel and pass papers through a tiny slit towards the bottom of the panel.

Whoever built the glass panel apparently also thought it would be a good idea to make it soundproof as well, because I wasn’t able to hear half the things the receptionist was saying unless I shoved my ear directly up into the tiny hole.

After finally managing to marginally understand what she was saying, I figured out that I was apparently supposed to show more papers to a judge. Although I was slightly confused, I agreed and headed over to the court room.

After checking in with another receptionist, I was put into a waiting list along with other people who were waiting to see the judge for other random reasons.

The line seemed to be going relatively fast until a random old man started having issues.

Apparently, from what I was able to pick up, the issue was that the man didn’t comply with the requests of the security officials who were guarding the entrance of the building. Normally, you’re supposed to remove all items from your pockets and place them in a box, and take off all heavy outerwear, then walk through a metal detector while your belongings go through an x-ray machine (similar to what you do at an airport). Supposedly, the man thought it would be a great idea to not remove his jacket, even though he was told to multiple times.

After he was done wasting everyone’s time, two old women went up to the judge and started having another argument. Apparently, one of the old women’s daughters was supposed to show up to plead guilty or not guilty to a traffic violation she had received, but instead of showing up to court, her mother and her grandmother came on her behalf.

After another good handful of minutes of the judge explaining that the person who receives the violation must show up in court and there can be no substitutions, the old women finally gave up and the daughter was given another opportunity to show up to make her plea.

After over half an hour, it was finally my turn to spend five seconds giving the judge a sheet of paper.

Because I’m sure that story made you as frustrated as I was when I was in the circuit clerk’s office, here’s a random picture I took today of a tranquil lake to soothe your nerves.

If you visited my website earlier today, you might have noticed that it was hacked for a short period of time. Fortunately, I received a few emails letting me know, and I was able to investigate the situation immediately and get everything repaired within a few hours of the attack.

For those of you who missed it, all the content on my website was removed and replaced by the fol­low­ing message:

I did some thorough detective work with my friend who owns my website’s hosting company to find out exactly how this happened. One thing I immediately noticed was that all the pages of my website were being forwarded to a suspension page. After seeing this, I had a good feeling that it wasn’t me or my website that got directly hacked, but this was a result of my website’s host getting hacked.

Basically, what the hacker did was hack That Hosting and suspended all the accounts on the server. Then, the hacker set the suspension page to the message above, so it would look as if the hacker was able to hack every single website on the server individually. Once I figured this out, I knew that it would be an easy solution – just log in to the administrative control panel and unsuspend my account. Un­for­tunately, the hacker changed my password and the email address associated with it, so I wasn’t able to log in as an administrator.

I texted my friend, and after a short while, we managed to get everything sorted out and working back to normal. While my friend tried to figure out who the hacker was, I was more concerned about how the hacker gained access to That Hosting, so I traced recent activity on the server to find out what the hacker did. After a little bit of sniffing around, I was able to figure out exactly what the hacker did.

First, the hacker used a security flaw in Web Host Manager Complete Solution (WHMCS) to inject PHP code into our server via the support ticket system. For whatever reason, WHMCS thought it would be a good idea to let people use {php} to start PHP parsing in their ticket. The hacker injected an extremely long chunk of PHP code; a sample of what it looks like is shown below.

Once the support ticket was submitted, the injected code ran on the server and started creating files. When it was done executing, it sent a confirmation to the hacker with the following message:

The hacker could then navigate to the file specified in the confirmation message to find a file that would allow shell access via CGI. The hacker would log in with the password provided in the confirmation message.

Once logged in, the hacker would have complete access to the web server and be able to run any commands as desired. For those of you more familiar with Windows operating systems, this is basically like opening a command prompt and being able to type in whatever you want.

To demonstrate that this works, I ran a command to delete the xa7m3d.evil file (which was the CGI-Telnet file). After I submitted the command, no error messages appeared, which most likely means that the file was successfully deleted.

To confirm that the file was deleted, I refreshed the page, and got a 404 (file not found) error.

Thus, I was able to verify that the commands entered into this program ran successfully and the hacker could do whatever (s)he wanted with the server as long as (s)he knew what the proper commands to use were.

So what was I able to conclude from this? It’s clear that the hacker group 10:01 aren’t really hackers, but a bunch of people who search the Internet for programs and instructions they can use to hack other people. The only real hacker here is xa7m3d, who coded the actual tool and identified the PHP injection method that 10:01 used to hack into That Hosting.

So before you go around being a script kiddie and hack people’s websites, make sure that you only hack unexperienced people, because if you hack someone like me, I’ll call you out on my blog, explain exactly how pathetic you are, and tarnish your reputation.

For those of you who do not understand why that image is such a fail, examples of crustaceans are shrimp, crabs, and lobsters.

Not ants.

If you’ve checked out my profile page at all lately, you probably know that this is my second year attending my university.

Do you want to add another fun fact to your repertoire?

I still get lost.

For whatever reason, my sociological enterprise course decided that today would be a great day to meet at a random place called Memorial Library. From what I’ve heard in the past, Memorial Library is one of most famous and most used libraries on campus, next to another library called College Library. The only problem is just that – it’s used by too many other people. If you know me, you know that I like to stay in less-populated areas with less people around me, reducing the chance that someone will recog­nize me.

After I found out that my class was meeting there, I had no choice but to find out where this Memorial Library was. We were apparently going to learn how to use the library databases (which I already figured out how to do when I was in first grade in elementary school), but attendance was being taken for our participation grade, so I had to go.

To accompany my commentary, I put together this map:

The location circled in bright green is the building in which my sociological enterprise course normally meets. The location in the top left corner is where I was when I looked up Memorial Library on a map and tried to memorize its location. The pin labeled "A" is where Memorial Library is.

Yes. The red line is the path I took to get there.

Let the laughter begin.

While I was chatting with a buddy today, I mentioned that I would be right back because I was going to cook a pizza. My buddy asked if I had an oven in my studio, and I replied that I didn’t, and that I had a mini-oven. She was curious to see exactly how I cook a 12-inch pizza in a mini-oven, so here’s what I do.

First, I take out a pizza from my freezer and remove the packaging.

Next, I rip the pizza into four pieces. I rip it instead of cutting it with a knife because if I use a knife, I would have to wash it, and I want to minimize dishwashing.

After that, I take two of the chunks and place them on an oven plate such that the round portions are facing inward and the ripped corners are aligned with the edges of the oven plate.

Then, I stick the two chunks of pizza in the mini-oven and cook it for 10 minutes at 450°F/230°C.

Finally, after the first two chunks are done, I repeat the last two steps with the other remaining two chunks of pizza, this time cooking them for 9 min­utes.

My tendancy to come up with ideas on how to do everyday tasks with limited resources is how I’m able to live such a minimalist lifestyle.