On Monday, while I was sight-seeing in Oban, I was informed by a client that they couldn’t get to their mail. No problem, thought I, as my iPad was in my camera bag and iSSH was always ready to get me connected. I logged on to my host’s admin page and went to reboot the server only to see it was locked. Very odd. So, I called up the support phone number, all while still at the top of a hill with a camera around my neck, and they told me that my server was locked for Child Porn. Oh, fuck.
They couldn’t tell me any more, and there was nothing I could do. I didn’t sleep well that night and my sight-seeing break would be a lot less fun, as I’m sure you can imagine. How did my server have the worst of the worst attached to it? I’m a Sysadmin, so I knew being hacked was pretty unlikely and I knew all of my clients personally, and none of them would be as stupid to be involved with that on my server. Luckily, my partner, friends and clients knew this was not something I could be involved in and I got a lot more understanding for why their mail and sites were offline than I thought I would, even though it was obviously a big deal for a lot of them. How could this have happened?
The next morning, I checked my emails, including the account I usually use for my domain hosting, and found a message notifying me that my URL shortener tw3.it was used to link to “Pedophiliac material” on a “pedo BBS”. This actually came as a relief for two reasons. Firstly, that pedophile BBSes are actively monitored by white-hats and secondly that it meant, like I suspected, that none of my friends were involved and that my server wasn’t compromised. The down side was that I would have to jump through hoops with a hosting company that is renowned for, how can I put it, offering lower priced hosting deals by saving on customer-facing options. Yes, their customer service is excellent, but you can only contact their legal or abuse departments by email. This meant lots of waiting. I’m not sure I can actually find fault with my hosts as, even though I’d have liked them to have been a bit quicker at getting my server back online, this is child porn we’re dealing with.
So, where did I go wrong? I offered a service for free that anyone could use to shorten URLs quickly and conveniently. You probably never heard of it and that’s OK; it wasn’t supposed to be a large success. It was a way for me to play with PHP, SQL and mod_rewrite. It was something I could just put out there for people to use if they wanted as a sort of way of giving back to the internet community. And of course, the internet pissed all over it, as is their way. This is why we can’t have nice things. We, as people, are fucking assholes, by and large. Some of us see a webservice or a forum and decide that we’re going to pwn it. We’re going to leave our mark or get it taken down because breaking stuff is fun or selling fake penis pills is a great way to make an income.
Users are the reason sites need privacy policies. They’re the reason you can’t write a piece of code without having to worry about the security first. This is why Diaspora will probably crash and burn in its first week. This is why you need to think of XSS and SQL Injection with every line of code you write. Users are the reason we can’t have nice things.
Count me out. I’ll never give back to the community because there isn’t one. The internet is mostly full of people like geeks, assholes, attention-whores, griefers, moms-as-botnets and many, many more venn diagrams of society. I cannot treat the internet as somewhere I can leave my toys out without some idiot breaking them for the fun of it, so I’m not lending you my toys or letting anyone else play with them again because next time it could be a knock at my door instead of an email.
Postscript. If you’re reading this, you can see my server is back, but that was one week it was offline. One week is a long time for this sort of thing to be offline; things start timing out. Here’s the last word from my hosts: “It appears the childporn links were added by Russian and Ukranian IPs.”