I was hacked this past week.
Not Engineer Blogs, but where I keep a few of my other sites. It’s a virtual private server or VPS. This means I’m in charge. And I’m doing it wrong.
I think this is probably a function of being an engineer, right? I have experienced firsthand how easy it is to learn and apply knowledge over the years. Oftentimes, it takes the following form:
- Find the information. Thanks, internet.
- Replicate the style of the information you’ve found in your own project. In programming, this starts as “helloworld.c” or similar. In 3D printing, this is printing a simple hexagon block (also used to calibrate). You’ve gotta start somewhere.
- Begin to modify. Change the code, add more components to your spice simulation, start adding parts in your 3D modeling software.
- Lather, rinse, repeat.
Some people would refer to this not as “learning” but instead “hacking on something”. That might be a fair account of how it ends up being, but I’ve found this is how I learn regardless of whether it’s a classroom exercise, working at my bench (I love app notes!) or even fixing stuff around the house.
So what did I do wrong this time?
Nothing directly.
I just didn’t keep up with the learning as fast as the hackers/crackers/script kiddies (see, I don’t even know the terms) started attacking my site. It turns out that something I implemented had a vulnerability in it, and I didn’t look into it before implementing it. Once the crap hit the fan, I wasn’t able to respond fast enough so I asked my host to pull down the whole server. After that, it just got messier and messier. I couldn’t get the host to respond to me, I couldn’t figure stuff out to keep the server safe, I couldn’t even shut down the server remotely and make it stay down. All in all, I felt pretty terrible and helpless.
What should I have done?
I shouldn’t have been a cheapskate, like I always am.
I should have paid for better hosting, I should have paid to back things up, I shouldn’t have used a free wordpress theme off without thoroughly checking it out and I should have possibly even paid to have someone do all this stuff for me (as we do with EB, on a shared host). But I thought I could do it and I tried it.
In the end, I learned I need to pay for what matters. Yet another, “you get what you pay for” type of story. I know I’m not alone here.
Have you seen this in your engineering life? Perhaps you hired a cheap consultant? Or didn’t spell out the terms of a project with them? Or you bought the cheap version of some piece of equipment and it failed on you? Let us know in the comments.
Thanks to brianklug for the picture.
Don’t mean to be an ass, but I want to add one more question to challenge you. I know you mean well with your sites, but if you’re going to get better servers for your sites, how the f*** are you going to pay for it without having it eat a big dent in your budget? Something to think about when you shape the marketing model.
Sometimes it’s not being a cheapskate that gets you, its arrogance. After all, we’re engineers! We should be able to design/build/fix anything, right?
I had a close call with that version this week. I needed to measure some inductive structures using our probe station and a network analyzer. Once I got into it, I found out I had mismatched probes, so I wouldn’t be able to use any of the standard calibration routines. ‘Damn – now I’ll have to set up my own calibration file. I know there’s an app note for that somewhere….’
Luckily I came to my senses before I got too far, talked to my supervisor, and ordered another probe. I probably just saved myself two weeks of pulling my hair out trying to make sure I had a decent measurement.