Fixit is still providing the same great service, but is now located on the west side in Beaverton! The news is coming a little late since we moved last May, but we will be moving within Beaverton next month to a new location closer to my day job.
Speaking of my day job, last year my job title changed to Senior Support Engineer since I made the lateral shift from System Administrator. This has really freed up my time after-hours since I am no longer on the hook for critical systems issues when I’m not “on the clock”.
I have an awfully embarrassing confession to make. At some point last year FixitPNW was hacked. Yes, I was hacked. No one is immune! I had another domain hosted for an old online gaming team I was a part of in my teens called Apocalyptic Visions. I had found and old backup of the site and put it up for nostalgia. It was a (very geeky) counter-strike clan site which used an old version of PHPBB for the forum which I didn’t bother to update since the site wasn’t in use anymore.
Well, it turns out the forum was so outdated that there were known security flaws that had been exploited in order to gain access to a user account which was also used on FixitPNW.com. With root access to the site, they successfully defaced it.
I have learned my lesson however. Any of my sites that use a third-party CMS like WordPress or Drupal, or that use forum software are kept up-to-date. I’ve also verified that all hand-built sites use the best strategies to avoid cross-site scripting (XSS) and SQL injection including refreshing session ID’s, and sanitizing all un-trusted variables such as cookies and GET/POST variables.
Security is a constantly evolving topic. As such it is my mission to stay on top of the latest in web security, and to always build with security in mind instead of implementing security as an afterthought. Like Mulder said in one of my favorite old TV shows, “Trust No One”.
Entry filed under: Tech Tips. Tags: .