Attempts to hack the new Mithras pages

When I wrote the PHP scripts that support my Roman cult of Mithras site, I incorporated some code to tell me if anyone was looking at the pages.  Specifically it tells me which pages are popular; information that is useful to me when deciding what to work on.

Each page is accessed using an address like this:

http://www.tertullian.org/rpearse/mithras/display.php?page=XXXX

where XXXX is the name of one of the pages.  So I display the page names and counts like this:

As you may imagine, I was somewhat surprised to find entries appearing that were most certainly not pages on my site.  No link anywhere will produce these.

Here is one example:

Any database programmer will recognise that these are fragments of the database language, SQL.  What’s going on here?

This is — can only be — an attempt to hack my website.  The hacker has theorised that the pages, as in Wikipedia, are actually stored in a database.  He is trying to guess how my site works.

What if, he thinks, the “display.php” script, in the address above, takes the page name, creates an SQL query, and retrieves the page data from this hypothetical database?  Then perhaps the SQL is this:

select * from database_table where pagename = 'PAGE'

where PAGE is the text in “display.php?page=PAGE“?  If so, he thinks, let’s stick a quote in the address box, and add extra code!  Let’s see, he thinks, if we can get somewhere with this!  It failed, however.

A few days ago he must have realised that he wasn’t getting anywhere with the SQL injection attack (as it is called).  Here’s what he did next:

The hacker has tried again.  He’s now guessing that perhaps the website uses files on the disk, rather than a database.  He thinks that it is perhaps running on the Linux operating system, as most commercial websites do.  And he is guessing that my code perhaps does something like this:

File Open("PAGE");
File Read;
Display file to screen;

So he thought that perhaps he could get the display.php to display the password file from the Linux machine.  Indeed he tried various permutations of the same idea:

The %2F is an HTML encoding for a slash character; so he is still trying to get at the passwd file.  None of it worked, thankfully.

Now there is one obvious conclusion here.  This is not an automatic attack, run by machine.  This sort of tinkering requires human input.  No doubt there are hacking engines, built and sold to attack common software packages used to write websites.  But my site doesn’t use these; it’s all hand-made code.

So, somewhere out there, there is a human being, who is trying to gain control of my website.

Who is this person?  Well, I do know a little about him.  Back in 2006, when I last created a website using PHP scripting, such people didn’t exist.  So when I started the site, in December 2012, I didn’t bother with security.  The first version of the new site was promptly hacked.  And what did he do, once he could edit the content?  Well, he deleted it.  The page content was replaced with spam and links to spam sites.  It’s undoubtedly the same person, since he has kept up various attacks ever since.

The only person who could find advantage in that is someone who works for a spammer.  He’s out there, with some knowledge of programming, trying — for money, I presume — to break my site in order to delete it and replace it with rubbish, because someone else pays him to do it.

Nor is he giving up.  The attempts to hack me, using the attack that worked initially, have gone on unceasingly for months.  Indeed he tried the same hack again, two days ago at 22:42 hours.  It’s usually in the middle of the night that the attacks come.  Is he an Australian, perhaps?  Or some low-paid oriental?

It is sobering to see such determination to do harm.  He has put in months and months of effort – far more effort than I have spent to create the site in the first place.  And he keeps right on going.

Possibly all of our websites are under such daily attack.  The quantities of spam “comments” to this blog run into thousands every day; which, thankfully, WordPress deal with.  Most of the time we just don’t even know it is happening.

How many website authors check their logs regularly?  How many of us would recognise an attack if we saw one?  It is pure coincidence that I chose a format for this site, and a reporting method for it, that highlight the attacks very clearly.

I hope, therefore, that this post may assist my fellow web-authors.  It goes to show that these attacks are real.

Yes, it is sobering, and also rather sad.  For this was not how things were in 2006.  I ran the translation project for Jerome’s Chronicle without any security at all.  And I had no trouble.

But now the criminal classes are on the web.  The criminal is he who will wreck anything for any shred of personal convenience, regardless of the harm to others.

Sadly we may have to accept a police force for the web also, in response.

Share

From my diary

I’ve asked a colleague to translate for us Leontius of Byzantium, Adversus fraudes Apollinistarum (Against the forgeries of the Apollinarists) (CPG 6817, PG 86, col. 1948-1976).  This is fourteen and a half columns of Migne, and may well be interesting.  The circulation of banned works under other names was an inevitable consequence of the intolerance in the 5th century, and it will be very interesting to see what Leontius uses by way of criteria for identifying these things.

I’m preparing for my trip to Rome.  I’ve made a list of Mithraic monuments that I hope to photograph.  It looks as if I may be able to go to Ostia Antica as well!

On a less pleasant note, I’ve had to add additional security code to the Mithras site.  The incessant attempts to hack my site show up in the log, and are sobering to see.

Rather foolishly – for I don’t enjoy reviewing books – I have agreed to review Tony Burke’s, Ancient gospel or modern forgery, the volume of papers from the “Secret Mark” conference.  Wipf and Stock have started to send me stuff. 

It will be interesting to see if any substantive reply has emerged to Stephen C. Carlson’s crushing demolition of the book.  Carlson suggested that the book was a scholarly hoax rather than a forgery; a distinction of real importance, but not always noted by either his supporters or opponents.

Share

“The mysteries of the Greek alphabet” – part 2 now online in English

Dr Anthony Alcock has continued his translation of this fascinating late Coptic text on the ‘meaning’ of the Greek alphabet (part 1 here).  Part 2 (of 5) is here:

 

Share

Isidore of Pelusium, Letter 78

Edward Campbell has kindly translated for us this letter of Isidore of Pelusium, from the Patrologia Graeca text.  It came to my attention after a correspondent asked whether it referred to the Three Hundred Spartans.

To Esaias[1] the soldier.

To[2] the disorderly soldier.

If, from among your weapons, you consider your spears and your helmet and your breast-plate to be an assurance for your well-being, while you plunder and desolate the highways, know that many who had armed themselves more impregnably than you won for themselves[3] a most lamentable death. Among us[4] are recorded, on the one hand, Oreb, Zebah, Zalmunna, Abimelech and Goliath, and Absalom,[5] and as many others who were like them. Among those outside,[6] on the other hand, are the Hectors, the Ajaxes, and the Lacedaimonians[7] themselves who, above all others, were prideful of their strength, since they did not possess justice in proportion[8] to their power. If, then, you do not wish to be a worthless soldier, arrange yourself at once toward the spiritual war and wage war rather upon your own disorderliness.


[1] A more normal English rendering would give “Isaiah.”
[2] Possibly, “Against the disorderly soldier.”
[3] Or simply, “obtained.”
[4] i.e. Characters from the Old and New Testaments.
[5] See Judges 7, 8, and 9; 1 Samuel 17; 2 Samuel 13.
[6] i.e. Characters from Greek literature.
[7] i.e. the Spartans.
[8] Lit, “running along with their power,” a slightly confusing phrase. Isidore seems to mean that the Spartans’ power far surpassed their justice, hence they only had their power to be proud of.

Share

Anglican church of Canada bishop Michael Bird uses church funds (?) to sue blogger for “defamation”

UPDATED: I learn that it is not clear whether Bishop Bird is actually using church funds to do this.  I suspect that he is, since few people can afford such vanity cases personally, but I do not actually know this for a fact.

Anglican Samizdat blog is being sued.  The pretence is defamation, but the object is to drive it offline:

On February 19th 2008, the Diocese of Niagara served St. Hilda’s with legal papers with the intention of taking possession of St. Hilda’s building and freezing our bank account.

On February 19th 2013, exactly five years later, I was served personally with a statement of claim for defamation of character from the Diocese of Niagara’s Bishop Michael Bird.

The claim is seeking:

  • $400,000 in damages plus court costs and their legal costs.
  • An interim and permanent injunction to shut down Anglican Samizdat.
  • An interim and permanent injunction prohibiting me from publishing further comments about Michael Bird.

The claim quotes – with sporadic accuracy – 31 blog postings that are alleged to be libellous.

Contrary to what one might expect in such circumstances, I did not receive a cease and desist letter in advance of the suit.

Initial negotiations for an early settlement have been unsuccessful.

I have filed a statement of defence, the pleadings are now closed and we have commenced the Discovery process.

The first question, of course, is what does the good bishop have to hide?  What does he not want known?  That, for instance, as soon as he gained possession he sold the rectory?  Sadly, I fear that the answer is that he knows very well that his actions towards St Hildas were immoral; and that they bring him into disrepute; and he would rather not face the opprobrium.  Yet … what kind of reputation will he get from launching lawsuits designed to silence critics?

It would be interesting to ask whether the charitable purposes for which the church exists include vexatious lawsuits designed to shield their officials from public scrutiny, if the church should turn out to be funding this.

Readers may wonder what the bishop did with the church that he seized from those who paid for it.   The following photograph of St Hildas will tell you.

And, yes, those concrete blocks were the good bishop’s contribution.

Share

“Ingesting the Godhead”? – a dubious “quote” from Cyril of Alexandria

A correspondent has written to me with an interesting quotation which is being attributed on the web to Cyril of Alexandria.  It may be found here, among other places, and reads:

When we ingest the Eucharist in reality we are ingesting the Godhead ….. because His Body and Blood are diffused through our members we become partakers of the divine nature.

My correspondent notes that this contradicts what Cyril says in Against Nestorius 4:

But out of overmuch reverence, he blushes (it appears) at the measures of emptiness and endures not to see the Son Co-Eternal with God the Father, Him who is in the Form and Equality in everything with Him Who begat Him, come down unto lowliness: he finds fault with the economy and haply leaves not unblamed the Divine Counsel and Plan. For he pretends to investigate the force of the things said by Christ, and as it were taking in the depth of the ideas; then bringing round (as he thinks) my words to a seeming absurdity and ignorance; “Let us see, he says, who it is that mis-interprets. As the Living Father sent Me, for I live (according to him) God the Word, because of the Father, and he that eateth Me he too shall live: which do we eat, the Godhead or the flesh?”

Perceivest thou not therefore at length how thy mind is gone? for the Word of God saying that He is sent, says, he also that eateth Me, he too shall live. But we eat, not consuming the Godhead (away with the folly) but the Very Flesh of the Word Which has been made Life-giving, because it has been made His Who liveth because of the Father.

And we do not say that by a participation from without and adventitious is the Word quickened by the Father, but rather we maintain that He is Life by Nature, for He has been begotten out of the Father who is Life. For as the sun’s brightness which is sent forth, though it be said (for example) to be bright because of the sender, or of that out of which it comes, yet not of participation hath it the being bright, but as of natural nobility it weareth the Excellence of him who sent it or flashed it forth: in the same way and manner, I deem, even though the Son say that He lives because of the Father, will He bear witness to Himself His own Noble Birth from forth the Father, and not with the rest of the creation promiscuously, confess that He has Life imparted and from without.

I have been unable to find the source for the “quote”.  But of course much of Cyril’s work is untranslated, and possibly it does exist somewhere.  It is not found in the 110 letters of Cyril, published in English in the Fathers of the Church series, that much I can tell.  Nor is it found in Norman Russell’s Cyril of Alexandria, which contains a selection of texts.

I wonder whether the “quote” exists in German?  Or French?  What would “ingest” and “Godhead” be, in either language?  There are some works extant in translations in that language.

Any ideas, anyone?

UPDATE: Mina Soliman seems to have found it.  A certain Richard Foley, Mary and the Eucharist, contains almost exactly the “quote”, on p.46.  But in reality the words are his own:

When we ingest the Eucharist, in reality we are ingesting the Godhead.  This makes of us a kind of tabernacle, and we are transformed.  For thus we become Christ-bearers, because his body and blood are diffused through our members … and we become partakers of the divine nature.[8]

Footnote 8 (on p. 54) gives the source as “Cyril of Alexandria: Catechetical Lectures 4, 6.[1]Snippets accessible http://books.google….g#search_anchor and http://books.google….n#search_anchor[/ref].

Of course the author of the Catechetical Lectures is Cyril of Jerusalem, not Cyril of Alexandria.  And the second sentence in the Foley quote is indeed in Cyril, as the NPNF text show:

Wherefore with full assurance let us partake as of the Body and Blood of Christ:  for in the figure of Bread is given to thee His Body, and in the figure of Wine His Blood; that thou by partaking of the Body and Blood of Christ, mayest be made of the same body and the same blood with Him.  For thus we come to bear Christ in us, because His Body and Blood are distributed through our members; thus it is that, according to the blessed Peter, we become partakers of the divine nature.

The first sentence is Fr. Foley’s own idea.

And so we have it; a quotation from a modern book with an erroneous reference turned, magically, into a patristic quote.

Well done, Mina Solomon, for getting to the bottom of that!

Share
  1. [1]

Guidance in Christian life and the sort of things we should do

An interesting post by the Ugley Vicar makes a point that is worth repeating:

Maybe you are a square peg in a round hole – there is no shame in that. One of the turning points in my life came when, sitting in the vicarage in Sparkbrook, my eye was caught by Romans 12:6: “Having gifts that differ according to the grace given to us, let us use them” (RSV).

I had thought that God had called me to this particular job, despite many people telling me it was not a good idea, because God calls you through feelings and signs, even to do things you don’t seem cut out for. This was what happened in the books I’d read. But I was desperately unhappy and hanging on by a thread.

Suddenly I had this sense of revelation. According to the passage, you should use the gifts God had given you. So the right job would be one where you could do that. But according to what I’d learned, the right job had nothing to do with your gifts. You went where your feelings led you. Now I found myself thinking, either my view was right, or the Bible was right. And it was blindingly obvious which!

If we follow our gifts, where do they lead us?

Share

Off to Rome

I’m off to Rome for a few days in a couple weeks.  Just a long weekend — boy are those hotels expensive! — but nice all the same.

I’m travelling independently with a friend who hasn’t been to Rome before.  I’d rather like to spend some time in museums; my friend, however, is not an ancient history buff.

What should we go and look at, do you think?

Share

Jerome’s Commentary on Jonah – online in English

I discovered today that there is online a thesis containing an English translation of Jerome’s Commentary on Jonah.  It was made by Timothy Michael Hegedus in 1991.  It’s here.  I am OCR’ing the PDF as I write!

I learned about this via AWOL.  There is a website Open Access Theses and Dissertations.  This is a portal to other online sites of dissertations.  A query on “Eusebius” quickly brought up the item.

Magic!

Share