Slated employs many different techniques to protect the site from hacking, but by far the most important is vigilance, and that means paying close attention to things like logs.
Like many sites, Slated is under constant attack, mostly from bots running on compromised Windows machines, but most of those attacks are purely opportunistic and random, or in other words aren't actually targeting Slated for any particular reason. But every now and then I discover something in the server logs that suggests otherwise.
Today was one of those days.
What aroused my suspicion wasn't so much the nature of the attack, but the source.
Type: page not found
Date: Saturday, 10 December 2011 - 1:43pm
User: Anony Mouse
Location: http://slated.org/xgl_on_fc5%3C/function.htmlspecialchars
Referrer:
Message: xgl_on_fc5</function.htmlspecialchars
Severity: warning
Hostname: 126.96.36.199
The hack itself is a failed attempt at an XSS (Cross-Site Scripting) injection, neutered by security mechanisms built into Drupal.
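The kind of log check described above, as an added example that is not part of the original post or of Drupal: it scans "page not found" records for request URLs that carry markup characters once percent-decoded, including double-encoded ones. The one-field-per-line record layout, the sample records and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample records, one "Field: value" per line (assumed layout).
# Hostnames are documentation addresses, not real sources.
SAMPLE_LOG = """\
Type: page not found
Location: http://slated.org/xgl_on_fc5%3C/function.htmlspecialchars
Hostname: 192.0.2.10

Type: page not found
Location: http://slated.org/favicon.ico
Hostname: 198.51.100.7

Type: page not found
Location: http://slated.org/search?q=%253Cb%253Etest
Hostname: 192.0.2.10
"""

MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)

def parse_records(text):
    """Split blank-line-separated 'Field: value' blocks into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        records.append({k.strip(): v.strip() for k, v in pairs})
    return records

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%253C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_markup_requests(text):
    """Return (hostname, decoded target) for 404s whose URL carries markup."""
    hits = []
    for rec in parse_records(text):
        if rec.get("Type") != "page not found":
            continue
        url = urlsplit(rec.get("Location", ""))
        target = fully_decode(url.path + ("?" + url.query if url.query else ""))
        if MARKUP.search(target):
            hits.append((rec.get("Hostname", ""), target))
    return hits
```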
What I find far more interesting is the IP address of this hacker:
NetRange: 188.8.131.52 - 184.108.40.206
CIDR: 220.127.116.11/16
OriginAS:
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
RegDate: 1997-03-31
Updated: 2004-12-09
Ref: http://whois.arin.net/rest/net/NET-207-46-0-0-1

OrgName:
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26
Ref: http://whois.arin.net/rest/org/MSFT
Now, as regular readers will already know, Slated is a site dedicated to GNU/Linux, Free Software, Free Standards, civil and human rights, business ethics, altruism and, generally, the cause of social liberalism. This upsets certain types of people and companies, no doubt including Microsoft. So it doesn't really surprise me when they attack Slated, although I find it rather disturbing that a global corporation like Microsoft should do it so openly.
Perhaps this "hack" is nothing more than yet another compromised Windows PC inside Microsoft's Redmond HQ, or maybe it's something more sinister, but either way someone or something on Microsoft's network just attacked Slated.
Good to know I have their full attention.
It's also a good thing this site isn't running Windows.