When Microsoft Attacks

Homer's picture

Slated employs many different techniques to protect the site from hacking, but by far the most important is vigilance, and that means paying close attention to things like logs.

Like many sites, Slated is under constant attack, mostly from bots running on compromised Windows machines, but most of those attacks are purely opportunistic and random, or in other words aren't actually targeting Slated for any particular reason. But every now and then I discover something in the server logs that suggests otherwise.

Today was one of those days.

What aroused my suspicion wasn't so much the nature of the attack as the source.

Type page not found
Date Saturday, 10 December 2011 - 1:43pm
User Anony Mouse
Location http://slated.org/xgl_on_fc5%3C/function.htmlspecialchars
Referrer
Message xgl_on_fc5</function.htmlspecialchars
Severity warning
Hostname 207.46.204.234

The hack itself is a failed attempt at an XSS (Cross-Site Scripting) injection, neutered by security mechanisms built into Drupal.

What I find far more interesting is the IP address of this hacker:

whois 207.46.204.234

NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
OriginAS:
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
RegDate: 1997-03-31
Updated: 2004-12-09
Ref: http://whois.arin.net/rest/net/NET-207-46-0-0-1
OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26
Ref: http://whois.arin.net/rest/org/MSFT
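The manual check above, spotting markup in a requested path and then looking up who owns the source address, can be scripted. This is an added example, not code from Slated or Drupal: the function names, field list and netblock table are assumptions, while the sample record and the CIDR are copied from this page.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

# Netblock taken from the whois output above; the label is its NetName field.
KNOWN_NETS = {"MICROSOFT-GLOBAL-NET": ipaddress.ip_network("207.46.0.0/16")}

# Field names of the log record, in the layout shown above.
FIELDS = ("Type", "Date", "User", "Location", "Referrer",
          "Message", "Severity", "Hostname")

# The record from this page, reproduced as sample input.
SAMPLE = """\
Type page not found
Date Saturday, 10 December 2011 - 1:43pm
User Anony Mouse
Location http://slated.org/xgl_on_fc5%3C/function.htmlspecialchars
Referrer
Message xgl_on_fc5</function.htmlspecialchars
Severity warning
Hostname 207.46.204.234
"""

def parse_record(text):
    """Split 'Field value' lines into a dict; empty fields become ''."""
    record = {}
    for line in text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name in FIELDS:
            record[name] = value.strip()
    return record

def triage(record):
    """Return (markup_in_path, netblock_name) for one parsed record."""
    # Decode percent-escapes so %3C and a literal '<' are treated alike.
    path = unquote(urlsplit(record.get("Location", "")).path)
    markup = any(ch in path for ch in '<>"')
    try:
        addr = ipaddress.ip_address(record.get("Hostname", ""))
    except ValueError:  # Hostname held a DNS name, not an address
        return markup, None
    owner = next((n for n, net in KNOWN_NETS.items() if addr in net), None)
    return markup, owner

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(rec["Hostname"], triage(rec))
```

A netblock match only names the registered holder of the address range; it does not identify the person or program that sent the request.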

Now, as regular readers will already know, Slated is a site dedicated to GNU/Linux, Free Software, Free Standards, civil and human rights, business ethics, altruism and, generally, the cause of social liberalism. This upsets certain types of people and companies, no doubt including Microsoft. So it doesn't really surprise me when they attack Slated, although I find it rather disturbing that a global corporation like Microsoft should do it so openly.

Perhaps this "hack" is nothing more than yet another compromised Windows PC inside Microsoft's Redmond HQ, or maybe it's something more sinister, but either way someone or something on Microsoft's network just attacked Slated.

Good to know I have their full attention.

It's also a good thing this site isn't running Windows.