Lessons in cybersecurity, Part I

Updated Jul 8, 2025

Here's a little story from the trenches, from far, far away, when I was a kiddo learning my way through webservers, PHP and vulnerable (pirated) bulletin board software.

👋🏻 Intro

A long time ago, around 200* something, I was really interested in game-hacking-related topics and somehow I got in charge of a big forum in the niche. That was my first intro to PHP and anything web related, and while being quite good at C++/assembly and having some knowledge of how to breach software security, I had stumbled into a fresh new world.

The forum software we were using at the time was an old, pirated version of vBulletin (it came before my reign to power 😅), sitting on a Dreamhost shared server using PHP 4 something. I was writing code by downloading the files I needed to edit via FTP, making my changes in Notepad++ and then uploading them back, and so on a dozen times until it worked. This all happened while users were online. The good times of the mono dev-testing-production environments <3

☕ The morning wake-up call

The actual story begins one morning when I woke up like any other day. I get to my desk and check my beloved community as I was doing every day. But strangely, this time it was different: a black webpage appeared, with red text and a funky “hacker” image. I checked the URL again, it was correct ... panic!

I quickly jump to my trusty FTP client and open the website’s root folder. I notice that all the files are still there; it seemed that just the index.php file had been replaced. And because I knew no better, I simply replaced the index.php with one I had in backups.

Crisis averted, everything fixed. I even tried my best to change the passwords around and I even upgraded the forum software to the latest version (that I could find). Time to move on and see about my day, thinking everything is well and life is nice again. Narrator voice: things weren’t well and life would not be nice for long.

🕛 Next morning, déjà vu

Same as the day before, same routine, same hacked website, same defaced homepage. 😭 I was having déjà vu. I thought I fixed it, how could it be? Well, it be. I go through the same steps as the day before, I upload my index.php back and go on with my day.

This weird dance continued for a couple of days.

🛡️ The guardian cron job

Finally getting fed up with doing this whole dance every morning, I come up with my brilliant solution (or so I thought at the time). I thought I should automate this, and so I created a script that checked the hash of the index.php and compared it to a well-known hash of the original file; if the hashes differed, it would copy and replace the whole forum software with the “good one”. I would throw that in a cron job that would run my checker script every couple of minutes.

It worked! The homepage never got defaced again, well, I never saw it get defaced again 😅.

In retrospect, there’s more that I could’ve done, a lot more, but at the same time I was limited by the tools at hand and, more importantly, my knowledge. Given the website was on shared hosting, there was not much under my control, but I could have at least looked into the root cause a bit more, investigated and tried to understand what happened, before applying my brute-force fix.

Overall this was a good lesson and a good start into cybersecurity; it was the spark that lit my curiosity for this field.
