Readers who came to Combat! blog to shop for children’s melatonin will be disappointed to learn our security measures are working. After yesterday’s discovery of hax, I finally installed some basic protections, including a lockout function to prevent brute-force login attempts. Basically, if you enter the wrong password too many times, you can’t connect to the site for an hour. What’s that you say in your coarse, plebeian voice? You’ve never logged in to Combat! blog? That’s because the only user is me, plus the admin account WordPress requires for stuff like changing my password. Yesterday, my firewall locked out an IP address in Luhansk, Ukraine1 for multiple failed login attempts on that admin account. I changed my password, you vodka-sodden kleptocrat. So why don’t you just impulsively kill your landlady and then worry about it for six hundred pages?
The bad news is that I cannot get this person. I have blocked a range of IP addresses that includes his, but I cannot wage a counteroffensive. First of all, I don’t know how the internet works. Second, it’s not possible, according to my only source of infosec knowledge, @SwiftOnSecurity. I cannot reach out through the internet and avenge myself on this IP address in Ukraine. Probably, that’s not even the location of the person, people, or bot who hacked me. Maybe it’s the location of a zombie computer in a network that hacker uses as a platform for brute-force attacks. Maybe (probably) my hacker spoofs this IP address to hide his own—or her own. Maybe it’s a woman.
Maybe it’s a kid. The black hat who cracked Combat! blog’s deeply surmountable defenses may be a twelve year-old in suburban Luhansk who got paid a fraction of a bitcoin to lard my site with discount pharmacy links. He probably learned how to do it from his friend. They go to Ukrainian public school, where the kids who aren’t into computers look like Ivan Drago before he learned discipline. They hacked Combat! blog together, when they were supposed to be studying math.
Maybe the hacker I locked out of my blog yesterday is a guy in his early 20s with no job. The economy of Luhansk is not booming, but a guy with a laptop and an internet connection can make rent if he hustles. There are people on Tor who’ll pay you $20 per link. You don’t have to code if you get the right scripts, which is good because he’s not a hacker. He’s writing a novel. It’s about a drug dealer whose girlfriend wants to move to Moscow, and he can go with her if he makes that one big score. Maybe that’s whose income stopped coming in yesterday, when I blocked his IP address.
On second thought, I do not want to get my hacker. I would like to talk to him, mostly to tell him what a pain in the ass he has been but also to understand what his life is like. I like to hear about somebody else’s hustle. Working for other people is generally the same, but there is something fascinating about the financial life of, for example, a pool shark. Strippers have good work stories. So do freelance graphic designers and wedding photographers. These people have escaped the employment model or were forced out of it, and now they interface with the economy directly. They are left to sell what they can in an unfamiliar marketplace or, you know, starve.
Or get married. Maybe the person who hacked Combat! blog is a 19 year-old woman who moved to Luhansk from wheat country. She works at a cafe, but she makes enough money hacking WordPress sites to pay for computer science classes at the community college. Now that some asshole blocked her IP, she can’t pay August rent. There’s a regular at the coffee shop who’s always making creepy comments—an older guy who ogles her and then makes a show of putting a big tip in the jar. Maybe she could get some money from him. Maybe she wouldn’t have to have roommates or work in the cafe at all if she just got married. Sometimes she wishes she could reach through the internet to that person who made her miss rent by typing her IP address into a box. She would like to see his face.