All posts by Alistair Lattimore

About Alistair Lattimore

My name is Alistair Lattimore, I'm in my very early 30's and live on the sunny Gold Coast in Australia. I married my high school sweet heart & we've been together for longer than I can remember. Claire and I started our family in September 2008 when Hugo was born and added a gorgeous little girl named Evie in May 2010. You can find me online in the typical hangouts, Google+, Twitter & facebook. .

Break & Enter

Break & Enter - Shattered Rear Sliding Door Close UpJust before lunch today I noticed I had a missed call on my mobile and a few seconds after I picked up my phone, it started ringing again and Lorraine told me in a somewhat worried voice that our house had been broken into.

Claire had been to the gym this morning and Lorraine happened to drop in before lunch to drop some items off and was going to leave them on our back patio table when she noticed that the back sliding door was open. Initially she thought it was odd and that Claire must have unknowingly left it open, so she walked in, dropped off her items and then noticed the broken glass on the floor.

At this point Lorraine thought she heard someone in the house and called 000 and the police responded promptly but instead of having the normal boys in blue roll up, we had a Sargent, two detectives and a forensic officer who happened to all be in the area when the call came over their radio — talk about good timing!

Police entered the house with weapons drawn, cleared all rooms, cupboards, under beds, in large storage spaces, garage and even checked in the man hole into the roof cavity to make sure no one was in the house. By the time the police arrived, there wasn’t anyone in the house – good for the offender, not as fantastic for the police as it would have been great to apprehend someone.

House

While getting broken into is not on the top of my bucket list, I’m very thankful that whoever broke into our home didn’t do any damage. Other than the shattered glass pane in the sliding door, nothing else in the house was damaged. They could have easily broken the TV, damaged or spray painted the walls, set fire to the house for the fun of it — the options are pretty endless but none of that happened so for that I’m thankful.

The living area, kitchen, computer and kids rooms were left alone, while our master bedroom took their full attention with virtually everything in a draw or on a shelf, now sitting on the floor as they rummaged through looking for valuable items but again, nothing damaged – just a great big mess.

Possessions

Knowing that Claire was at the gym, I had in my head a rough time frame that she would have been away from the house. For whatever reason, I was imagining someone or a group of people systematically going through the house over a couple of hours (I know, ridiculous) and emptying it out completely of anything of value.

To my absolute and complete dismay, that is virtually the opposite of what has happened. While turning our bedroom upside down, they’ve found a beautiful dress watch I gave to Claire on our wedding day and taken that, while overlooking my equally expensive Seiko watch. They’ve literally picked up the Canon 600D and the digital video camera to move them but didn’t take them, similarly they opened a jewelry that was clearly opened wasn’t taken so I’m a little confused about what their motivation was.

This makes me wonder if Lorraine did disturb someone in the house and when she back out of the house, I presume to the front yard to call the police, the intruder(s) have escaped out through the broken glass door and over the fence. No idea if that happened or not but it is odd that more items weren’t stolen, so maybe something spooked them.

Forensics

Break & Enter - iPhone Finger Print Dust

It was great to see the forensics guy dusting everything down for finger prints, maybe it’ll help them nail someone for the crime in the future. Successful finger prints were lifted off the door frame but unfortunately they didn’t cut themselves on the glass. It also turns out that Apple products are very desirable, as every box we had in the cupboard was taken down and checked and the nice glossy cardboard is fantastic for prints – four more sets were lifted off those as well.

Insurance

This afternoon I put a call into our Suncorp Insurance to get the ball rolling with them and the process was really smooth. Rob, the Suncorp consultant I talked to on the phone was fast, clear and explained what was going to happen.

Before I got off the phone he’d already organised a glazier to call me later that afternoon to come and fix the broken glass panel in the sliding door. Rob had said if I didn’t hear from the glazier in 2-3 hours to give them a call but I didn’t need to, as they called me less than 10 minutes after I got off the phone.

The glazier, Amalgamated Glass, turned up about an hour after the phone call. Hugo and Evie were excited to see him shatter the glass into a thousand tiny pieces and vacuum them up, along with watching him refit the new glass out at his truck.

Next Steps

Claire has provided the police with an initial list of stolen items, which at this stage is just her dress watch but that might change in the next day or two. The forensics officer actually said it is normal to add things to that stolen items register months or a year afterwards when you realise an item you use infrequently is missing. I’d expect to receive the incident number for the break and enter tomorrow or early next week.

I’ve got the case number from Suncorp and have told them about the stolen watch. Again we need to update the stolen items as soon as we can and also provide Suncorp any documentation (if we’ve got any) showing that we own the items that that we’ve reported stolen such as a receipt, maybe a photo for instance.

Tomorrow or Monday I should receive a phone call from someone at Suncorp to go through our case in more detail, at which point I should find out about how the payout process works which at this stage I’m unsure of.

So far having someone break into our home has been an inconvenience but everyone we’ve dealt with so far have been fantastic. I’m hopeful that the last part of the process with Suncorp is equally as smooth and if so, they should be congratulated on really trying hard to deliver great customer service.

Downhill Mountain Biker Versus Peregrine Falcon

Red Bull have built their brand in recent years on the back of sponsoring elite level and extreme sports, whether it is the Red Bull Air Race or the more recent events like Red Bull Stratos where Felix Baumgartner skydived from the 128100 feet and broke the sound barrier on the way back down or the Formula 1!

The video below shows a Red Bull sponsored downhill mountain biking champion racing a peregrine falcon, which happens to be the fastest bird of prey on the planet, down a mountain bike course while the peregrine is swooping and bomb diving him on the cyclists descent attempting to retrieve a bright yellow package from his back.

I love the amazing camera work, it really highlights just how fast and amazingly agile the peregrine falcon is in the wild. Now imagine how the prey must feel when a peregrine bomb dives them at over 320kph and the fastest ever recorded speed was 389kph!

Hacked

Friday night, while browsing through an old article on my blog I stumbled onto a post that had a strange formatting issue.

This isn’t the first time I’ve noticed formatting issues on my blog, back in 2009 I had an issue with strange characters showing up. After investigating that particular problem, it ended up being a character encoding issue with MySQL. I fixed the character encoding issue, edited all of the posts that had the strange characters in them and the problem didn’t reappear.

What I noticed on Friday night was a little different, it looked as if I had mistakenly pressed <enter> half way through a paragraph. Initially I thought it might have just slipped through the cracks while writing or editing an old post, I fixed the issue and moved right along.

Half an hour later I ran into another post with the same sort of problem, very odd. This time when I went to edit the post, I switched from the WYSIWYG editor into the text editor and low and behold, I found something like the following within the post:

<div style="display: none"><a href='http://buy-cialisshop.com/' title='buy cheap generic cialis online'>buy cheap generic cialis online</a></div>

At which point I realised that my blog had been hacked. Once the hackers got in, they edited old blog posts, inserted links off to their favourite cheap pharmaceutical websites and moved onto the next website to hack trying to boost the rankings of their low quality, crap websites in Google search.

How To Fix A Hacked WordPress Website

My first plan of attack was to understand how broad the problem was throughout my blog. I obviously couldn’t go through all of my blog posts manually, as I’ve got literally hundreds of published items over the years.

To expedite that part of the process, I used a website analyser by Microsoft named IIS7 SEO Toolkit. It can crawl a website, a lot like how Google crawls the entire internet, just on a much smaller scale. Once it finishes crawling through hundreds of pages, it then analyses all the pages and provides a reporting interface that made it easy to identify all of the websites I’ve linked to over the years, including the newly inserted irrelevant spam links. I worked through that list manually, and then edited each relevant blog post to remove the spam links.

Next up I reviewed what users existed within WordPress. When you install WordPress for the first time, it will create an administrator named ‘admin’ by default or a name of your choosing. I don’t recall why but I let it create the default ‘admin’ user and I subsequently created an additional account for myself. The default admin user has a randomly generated password, so I don’t think it was the cause of the hacking but the account was removed anyway as it isn’t needed.

I suspect that the hackers got into my blog using a brute force attack. In these scenarios the attacker will attempt to login thousands of different times using a known set of passwords, often starting with dictionary words. This was an obvious problem for my site, as I was using a dictionary word for a password; I should and do know better. I’ve updated my account password to a unique, long, randomly generated one with every type of character under the sun in an attempt to avoid this happening in the future.

Not knowing for sure how the hackers breached my WordPress website, it is possible that they have edited the physical WordPress files on the web server since they may have known my account password. Just to be sure, I downloaded a fresh copy of WordPress and re-installed it to remove any possibility that they hackers had a backdoor into the site for future reference.

Like most WordPress website owners, I utilise plugins from around the internet to augment the default behaviour of WordPress. There is nothing inherently wrong with installing plugins, however the quality of the software varies plugin to plugin, as does their attention to security details. As such, each time a plugin is installed – there is an increase, albeit small, that the plugin might have some sort of security exploit within it that could potentially allow a hacker to get into a website. To reduce the likelihood of that happening, all of the plugins that are installed but not active have been deleted from the server.

To help monitor my website on an ongoing basis moving forward, I have setup a series of Google Alerts which will notify me via email/RSS if they find certain keywords within the content on my blog such as viagra, cialis, porn, poker and so forth.

In the next week or so I am going to review a bunch of different WordPress security focused plugins  and best practices as well, see what other security improvements I can make to my blog so this doesn’t happen again in the future.

Frustrating.