Yesterday Blogger was hacked.
When I got the news, I sorta freaked out. I immediately went to pamelajoy.com to change my password. When I tried to log in, I got an error message: "Unable to evaluate login" or something like that.
I assumed that the person who hacked Blogger had changed my password. So I e-mailed the system administrator to change it to something else.
Next I went to the Support Forum and posted a message:
I received this message from blogger:
"Wednesday, December 26 2001, 7:45 AM: NOTICE: Blogger has had a security breach. We are working on restoring the system now. As a precaution, we advise you change your FTP password on your server if you had it stored on Blogger. We should be back up and running later today. Sorry for the inconvenience. Crackers have not respect for vacation time, it seems."
I immediately went to my Control Panel, but it won't let me in.
What do I do now?
I hung around the forum hoping someone would come in and help me. In the meantime, I changed my FTP passwords at GeoCities and Angelfire.
I tried everything I could think of. I used the secure login of Absolute Telnet to try and change my password from the web shell. I thought my problem might be solved.
So posted again in the forum:
My password works in FTP and absolute telnet. I'm trying to figure out how to change my password there.
My skills in telnet are rusty and I couldn't remember how to do it.
Again, I posted in the forum:
I logged into to the shell via Absolute Telnet. I couldn't remember the command to change the password. So I went back to the old Ikonboard and found it.
I typed passwd at the prompt and I got this:
bash: /usr/bin/passwd: Permission denied
My password works to get into the shell and for FTP. However, when I try to login to Account Control, I get this error message: Unable to authenticate
I kept trying my login at Account Control, and then it dawned on me to try clicking on the login button instead of pressing enter on the keyboard. Then I was able to login. I just tried it now, and I can get into Account Control either way. So I don't know what was going on yesterday.
Finally!
"Change Password: Success! Password Updated."
Crisis over... we will resume our regularly scheduled panic attack.
Now I'm trying to decide whether or not I should continue to store my FTP password at Blogger. If I don't store it, Blogger is a lot more cumbersome to use. *sigh*
Is it possible to have a special password just for FTP?
Also, if the cracker had used my password to get into my account, what could happen? Could they use my password to mess up anything in the shell account? What's the worst that could happen? I'll post this question in the forum.
I have my entire site backed up on my harddrive, on CD and on two mirror sites so if a cracker just messes up my pages, I could fix it.
Anyway... things seem to be okay now. I do tend to get really excited when something like this happens. It may be that I typed in the wrong keys, but it's hard for me to believe that I'd do it several times. (I did not have the cap locks down *grin*)
