Posted on 24 March 2014 by Bob Lacatena

Introduction

In March of 2012, a "leak" — actually the results of a concerted, persistent and expert hack — of the Skeptical Science web site revealed the contents of the private contributors forum, as well as a useless list of deleted comments (we have intended for some time to make all deleted comments visible to everyone, and simply haven't gotten around to that task yet) and the site's registered users (culled to remove all pseudo-skeptics).

The series of seven posts outlines the story of how the hack unfolded, how it was investigated, and exactly how it was perpetrated.

The Posts

• Part 1 recounts the initial steps of the hacker, and our initial discovery of his intrusion.
  
  
• Part 2 describes the earliest encounters, known and unknown, with the hack.
  
  
• Part 3 explains SQL injection attacks, recounts the hacker's release note, and describes the hacker's activity through March.
  
  
• Part 4 describes the inner workings of the Skeptical Science website, and the first, restricted efforts to respond to the hack.
  
  
• Part 5 explains how apache logs are structured, and explains some of the avenues the hacker used in his attack.
  
  
• Part 6 describes the methods used by the hacker and details his activity on February 21st.
  
  
• Part 7 concludes by answering those questions that have answers.
  
  

The Timeline

TBD