Title: Google Transit Japan Is Here... OR... Marry Me Google

If Google was a woman I'd marry her...


that's right, you heard me, if Google was a woman I would marry her. Ahhh, if only... IF ONLY!


Anyway, back to reality.

Google has just launched a great program for anyone commuting in Japan.

It's the Japan version of Google Transit and it is awesome!
Check it out, it's at http://www.google.co.jp/transit



And unlike the other versions of Google Transit the Japan version does not only cover a few parts of Japan it covers the whole thing.

Here is a pic of a route from tokyo to kyoto:

This tool is a great way to get to info about your commute (train times, transfer stations, alternative routes, duration of trip, etc. etc. etc. ). And since it is connected to Google Maps you can check out train station surroundings (like conbini s, stores, and restaurants). And it works on your mobile phone!

Since this new tool is so cool it is our next hot search, check it out.

Hope you enjoy it as much as we do.
-Keitaro

p.s.
If you read Japanese here is Google Japan's post

Hasta La Vista Schwar-chan!!!

Awww. It's been a good run for the Governator.

Our Arnold Schwarzenegger hot search "Arinamin V" has been fairly popular, but now it's time for him to say goodbye (or at least "hasta la vista").

If you missed our earlier post about him and the hilarious (And I mean HILARIOUS) video clip of him in the Japanese Arinamin V commercials, check it out

Free Internet Broadcast Japanese TV!

Extra! Extra! Nipponster Japan Toolbar just got better!

What can be better than FREE JAPANESE TV?

Free Japanese TV right on your browser!

To our loyal users:
We are dedicated to making
the Nipponster Japan Toolbar the BEST toolbar of Japanese language and entertainment resources available!

We have recently made some improvements to it.

In case you haven't downloaded it and taken it for a spin yet, it is located here.


It has Japanese internet broadcast tv stations available at the click of a button, so you can passively practice Japanese while surfing the net (or just enjoy the show).

Here is a preview of one of the free Japanese tv broadcasts!


It has Japanese internet radio stations (some with Japanese language lessons), jim breen's dictionary, and other language tools, etc. etc.

It let's you search for info about that Japanese Pop Idol (for example) that you love using Nipponster Search; from anywhere on the net!



We have been making little improvements to it here and there. We tweaked the rikai function and added Japanese text functions from Open Japan and a search Wikipedia function. All of those open up in little toolbar windows where you can type in your search etc. without having to go to the page (saving you time and hassle).

So if you haven't, TRY IT OUT!

-Tori
p.s. We are also tinkering with more features like more free Japanese TV channels, easier dictionary search functions, and later on a user chat box. All part of the mission to make the web a better place for Japan-enthusiasts!

Part V: Hackers cracking sites & hijacking your email to send spam

If you missed them (and have way too much time on your hands) here are the other parts 1,2,3 and 4.

I decided to write a part 5 for all of the people coming in from search engines, digg, and reddit who are interested in information about having you site hacked and what you should watch out for.

ATTENTION WEBMASTERS:

Even if you get your site back up and running you may still need to watch out for this...

* Hackers may hijack your email account to send spam *

Our webpages that were hacked were running on a content management system (CMS) called PHPIZABI.

From what we can tell the hackers accessed some of the administrator functions through a whole in the older version of the program (this is why you always want the newest version!)

We were fortunate and they weren't able to or decided not to cause much damage.
But I suspect now that more than damage they might have been looking for email accounts to hijack.
Why do I suspect as much? Because I received this email in my gmail account:





This email came from the email that was registered on the admin page of the site that was hacked. I created this email account in cPanel, had the account been a gmail account I'm sure this would not have happened. I figure that they might be using some program to send out spam because since an email came to my other email account then the program must be emailing addresses from my address book.


In Good Company:

We are not alone by any means in having our email hijacked. Just check out this Google search:http://www.google.com/search?hl=en&q=hackers+hijack+email


The results include stories of popular sites like "million dollar website" and even WIKIPEDIA.org having their email accounts hijacked and abused to send spam and malware.


So what can you do if you are hijacked?

In my case I was fortunate again, I was barely using the email account that was hijacked so I just deleted it.



I researched some information on other actions one can take but it doesn't look hopeful:

http://www.mailsbroadcast.com/email.broadcast.faq/45.email.hijacked.htm



http://answers.yahoo.com/question/index?qid=20060918201000AAa071G

This search was a little better:
http://www.google.com/search?hl=en&q=fighting+email+hijack&btnG=Search

Sorry if that doesn't help,
-Tori

Stone Soup and the Nipponster Japan Project

Have you ever heard the story "Stone Soup"?


The old folktale seems to have different versions but basically it goes like this:

Their was a man with nothing but a pot and a hunger for soup. He puts a stone into the pot of water and tells everyone passing by that it is the most delicious soup but all that it is missing is their ingredient. One puts in a carrot, another a potato, etc. until it becomes a great soup. None of them could have made that soup with only their own item. All benefited from a much tastier soup when it was finished.

In the same way we have nothing but a hunger to make a great soup, a great soup of resources. But like the man in the story we have nothing, all we have is a stone (our feeble abilities) and a pot of water (a new wikipedia-like wiki). But we are convinced that by bringing all of the bloggers, webmasters, and general internet users who are passionate about Japan together around a common goal we can make better resources for all.

That is the concept behind the Nipponster Japan Project. We will be announcing the start of this project in the upcoming weeks. We look forward to working on this project with all who are interested. And we would love to chat with you. So, if you just cannot wait to know more, contact us.

Oops...

oOpS


We just received feedback from a user notifying us that the archive links for this blog were dead-links (links that lead to non-existent pages).

After beating ourselves up about about not catching the error earlier we fixed the problem.
Like we've said before, to err is human but your forgiveness is devine :)

To the user, thank you for the feedback. We really appreciate all feedback, it really helps us make Nipponster better for you.

Keep giving us your feedback!
-Tori

p.s. sorry about the previous pic. scary.

Ando Hiroshige Has Usurped The Throne :)

Absolutely beautiful.



Those are the words that best describe Hiroshige's artwork.



And it is his beautiful artwork that compeled us to make him the next new "reigning" hot search.
(sorry Prince Pickles)








Were we wrong?...


















































:)

Keitaro

The Prince Has Been Dethroned

Prince Pickles that is...



If you haven not checked out that hot search yet, here it is:
http://nipponstercom-swicki.eurekster.com/Prince+Pickles+War+Cartoon/
(and you can comment on it and vote for it in the hot search archive)

For those out of the loop :) prince pickles is mascot of Japan's Self Defense force.
Japan + Military still frightens/angers many (especially in Asia) so the Japanese government is hoping that this cute little guy will help curb those emotions.

I don't know. What do you think?
-James

I said Part III would be the last but... We had a minor victory! So here is Part IV

Ahhhh (sigh of relief)


It feels good to have those pages back!

And... (which makes the minor victory so much sweeter) I was right!

As I eluded to in the first post, the hackers probably did not do any extensive damage to the site. It was beyond simple to fix once I figured out what they did.

This is how I figured it out:

If you read Part III you might remember that I googled and found other victims who had been hacked by the same guys. And I sent a few of them an email (which I quoted in that post).
Well, as luck would have it one of them had the answer to my problem:

"My phpzabi site was hacked but the damage was
minimal. They only managed to place a re-direct code at the bottom, where
the copyright information usually goes. I was able to hit the "stop" key
while the page was loading, entered the admin area and went to configuration,
and removed their code. Pretty simple"

I knew it! It was just as I expected. I saw that the page was redirecting to their site (and the "hacked by ..." message) after a few seconds.
So I knew that they must have placed a meta tag (html nerd language, just ignore) on my page, but I didn't know where and I didn't know if that was the only damage.

Well, after I received this email I knew exactly where to look. And this is what I found:

HACKED BY [name odmitted]
HACKED BY [name odmitted]
HACKED BY [name odmitted]
HACKED BY [name odmitted]

<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.[URL odmitted]/Deface/ccn/dfcd4.html">

The last part of that, with the "refresh" part, is html that redirects to their message. So I just had to clip all of that out.

Helping Other Victims:

So now that I've fixed those pages I plan to email other victims (some I've already contacted) that I found through Google and tell them about how they can fix their sites.
In hindsight it looks like we were pretty fortunate. It looks like some of the other sites suffered more damage.

Now to wait and see if Godaddy takes action against the hackers' website...

-Tori

Pages Reclaimed From Hackers!

We love you Tori!

Tori was able to fix the pages that were hacked. And we rejoiced!

Now to get him to talk about how he fixed it and won us a victory over the hackers...

-Keitaro

We've been hacked. Protecting yourself from hackers. Part III of ongoing saga

(sigh)

I am getting tired.

I think this may be the last post about being hacked (previous posts: part I, part II). I have a lot of information that I have found, and would not mind sharing, but this whole thing is wearing me out...
If you want more after this let me know in the comments section below.

Ok, here we go...

Tattling:

One of the first things I did after realising that our site was hacked was I did a whois look up (a search that tells you who the website domain is registered with).
I found out that these guys are registered with Godaddy. So sent Godaddy an abuse report

According to Whois records this domain is registered through Godaddy. They
are Turkish hackers and have maliciously defaced a large number of websites,
including mine. See:http://jpnx.com/php_izabi/PHPizabi_0.415b_R3/It redirects to their message at:http://www.[Hacker's URL. omitted for
safety]/Deface/ccn/dfcd4.html

Googling
[Name of the hackers. omitted for safety] will back up the fact that they have victimised many others.
And their homepage is a forum about security cracking. I appeal to you based
on your own policy:"Go Daddy reserves the right to remove sites that contain
information about hacking or links to such information. "

Thank you in
advance. I look forward to a reply, Tori"

I realise that this makes me a tattle-tail, but oh well :)

Godaddy removed a popular site about web security and hacking (the good kind of hacking) after someone posted myspace passwords they found through a google hack. This was controversal as the site does not promote malicious hacking, a.k.a security cracking (just ignore that if you don't understand it), but it shows that Godaddy does take action in some cases. Will they take action in my case? I'm not holding my breathe but I think I have a strong case.

Protecting your site:

I was going to go into detail about how to protect your site after researching a finding some good information but I just do not have the time. But if you are worried about security I have saved you a little time by finding good sites that I will give you the links to and a little info about.

FIRST,

I want you to know, if you have a CMS (content management system) on your site like phpBB, phpizabi, etc. Turkish Hackers maybe looking for you!

They have defaced an insane amount of websites, one such hacker is reported, according to ZDnet, to have hacked 38,000 sites in one day!!

There is an interesting forum topic about phpBB sites being hacked here (http://www.phpbb2.de/ftopic33045.html)

Here you can see that webwiz forums were hacked IN MASS (http://forums.digitalpoint.com/showthread.php?t=21132)

I explained (sort of) in Part II about how they likely found us. Most CMS has a little text at the bottom that says, "running on ...[the name and version of the CMS]." For example: "phpSomething v.2" let's say.

One day hackers finds a hole in the security of "phpSomething v.2" So hackers Google "phpSomething v.2" and find sites running on that and go to town.

Some have stated in articles that they may have religious and political reasons for defacing websites. We strive to stay politically neutral always and do not want to offend anyone and if any of my remarks were offensive before I apologise.

However, we do not like having webpages defaced no matter what the reason, so let's discuss protection...

PROTECTIVE STEPS:

1) If you use an open source CMS, always make sure you have the latest version. Hackers may have had enough time to find hole in the older versions and, in the case of these hackers, when they find the hole their next step is to deface as many sites as possible.

2) Make sure you have all of the latest security fixes the developers of the CMS come out with.

3) BACK UP YOUR DATABASE! Do that often so that if you do get hacked you may be able to restore your site.

From what I have found from my research these seem to be the few options available. But there is one more preventative measure that I looked into...

HONEYPOTS:

I do not know enough about them yet to confidently write anything about them here. But I will share the sites that I found:

http://www.auditmypc.com/freescan/readingroom/honeypot.asp

http://www.google.com/search?sourceid=navclient-ff&ie=UTF-8&rls=GGIC,GGIC:1970--2,GGIC:en&q=creating+honeypots

Strength in numbers?

A good idea for fixing your site maybe to email others with the same CMS and asking them about how they fixed their sites. Here I will show you how I did that:

I Googled the hacker. Here is more of his dirty work...

http://www.google.com/search?q=cecen&hl=en&safe=off&rlz=1B2GGGL_en___US209&start=20&sa=N

Most of these sites were running on phpizabi. I looked through the list and looked for site that had since been fixed. Then I emailed them this:

Fellow victim of hacking
Hi,I also have a phpizabi site that was hacked.
I found your site because I did a google search for the jerks that did the
hacking ([hackers name]). Here is the URL of the search ( you can see that many
other phpizabi users were
effected):http://www.google.com/search?sourceid=navclient-ff&ie=UTF-8&rls=GGIC,GGIC:1970--2,GGIC:en&q=[Nam
of hackers]

I decided to contact you for two reasons. One to ask you how you fixed your
site (is there a hotfix or something?); and because I don't want this to happen
to others and figured that you probably feel the same.

Anyway, please contact me.

Tori

I received several replies and should have those hacked pages back up soon.

I hope that these posts have been helpful to some of you and at least a little entertaining for the rest.

Thus ends my struggle with Hackers From Another Planet :)

(Or So I thought...)

-Tori

Note: I editted out the name of the hackers in this post and the previous ones. I did this as a precaution and you should beware too. I searched on google blog search today for the name of the hackers website and guess what was the only result that came up? That's right, my post!!

Open To Suggestions...

We know that our hot searches for "Japanese TV online", "Japan Blogs", "Japanese lessons", "writing in Japanese online without text support" have been very popular.

We do not want to retire these hot searches because they are so useful. But we do want to make room for new ones. So we have a dilema...

That is why I posting this message and asking the community for feedback. What do you think we should do with the hot searches?

1. Retire them to the archive?
2. Make them permanent links somewhere on the search results page?
3. Keep them as hot searches?

Leave us a comment.

Thanks,

Keitaro

We've been hacked. Pride Before The Fall. Part II of ongoing saga

grrrrrrrrrrrrrrrrrrr.


(translation: bad news to follow)


In my previous post about being hacked I made some naive assumptions:

1. The hackers just took advantage of an improper setting in the admin section of the content management system (the system that manages the website; In this case it was phpizabi).
2. Therefore, magically, it would be easy to fix.

Side note: I would like to say again that the hack did not
effect our search engine or hot search archive. It only effected some content
pages on a site that was under development.

After contacting some other phpizabi users who had been hacked I found out that we were in trouble. I was hoping that I would find people who had fixed their sites and could set me on the right path toward fixing mine. I even contacted one guy who had been a volunteer helping with the development of phpizabi, unfortunately this is what he had to say:

"Hey Tori,

I got two sites that were hacked.

I didn't fix my sites,I dropped Izabi."

Not the encouraging news that I was hoping for. But there is a bright side.

• The hackers were targeting PHPizabi systems specifically so they are not likely (we hope) to try to hack any of our other content management systems. Even better, our phpizabi system was on a different site because we were still working on it so they probably do not even know about Nipponster.com.
• We still have all of the content that was previously on the site that was hacked (live internet broadcast Japanese tv stations and radio, Japanese language tools; everything that was there before content-wise)


• We can put that content without too much effort onto a new content management system which will hopefully be more secure.

So, James and Keitaro have commissioned me to get to work on that right away, "thanks a lot guys" :)


I need to find another webmonkey to help me...



Anyway. Let me show you now how the hackers targeted us.


This is a log of searches that directed people to our site:




As you can see, someone (the hacker) was searching "phpizabi r3" which is the name and version of our content management system for that site we were developing.

So that is how they found us (and others running on phpizabi), they came specifically to take advantage of a hole they found in that system.

What I do not understand is, why would the hackers make our page refresh (switch) to a message that shows the URL of their site? Like I said in my past post that is how I found out, on google, about the others who were hacked. And it is how I found out that their site's domain name is registered with godaddy.com

I contacted Godaddy about their activity, which is clearly against it's policy:

"...Go Daddy reserves the right to remove sites that contain information about
hacking or links to such information."

I am still waiting to hear from Godaddy about it. Maybe the hackers think that Godaddy won't do anything. I hope that they are not right. But I doubt that even if something is done about their site they will stop hacking websites.

Which brings us to the topic of Part III, "Protecting yourself from hackers
(with honeypots, etc.)"

stay tuned...

-Tori

We've been 'hacked.' Part I of ongoing saga

So I was chatting on Instant messenger with James last night and I asked him if he had seen some of the recent changes that I had made on one of our projects under development when he gave me the worst news of my web nerd life...

"Germans Have Hacked Our Site!" <-- Turns out that they are Turkish not German, thanks "Dr" (see 1st comment)

"That's B.S." was my initial reaction but I asked him more about it and then went to check it out myself and sure enough there it was, a most heinous message:








THOSE JERKS!




Now, I have to say that I honestly do not understand what would possess any decent human being to do something like this.

Now to deflate the egos of these low lifes, I would like to draw your attention to the quotation marks on the word hacked in the title of this post. Why? Because these guys, I am willing to bet, have not really hacked our site. And I will explain that , while chewing them out, in the rest of this post. But first:

1. I want everyone to know that the search engine has in no way been effected. And it will not be.
   
2. Likewise the hot search archive is completely fine as well.

"So then," you ask, "what did they hack into? Where is that message popping up?

Well, it is on "Nipponster Entertainment" a separate site that we have been working on that has content like live tv broadcasts, aggregated news, video clips, and pictures etc. (If you don't know what aggregated means don't worry, it is nerd-speak). The site is not really ready yet as we are still working on a lot of it; it's still pre-release. But it appears in the results of hot searches for "Japanese tv online" etc, which are pretty popular and many of our users enjoy. To see what the hackers have done click here and wait a few seconds until it refreshes and switches to their site. See?! That is why I am very upset!


So why do I say that they didn't really hack us?

I am fairly certain that they found our site by googling "phpizabi" which is the name of the CMS (content management system; kind of like software) we are using for that site. That is my guess, because I know that others using phpizabi have had that problem. Once they find your site they take advantage of some known problem with phpizabi's admin (administrator) settings to do their dirty work. I am pretty sure that is what happened although I have not gone to fix it yet and I do not think that it will be a problem to fix. But it is REALLY annoying!

I am going to check and see if there is a hotfix (a download that fixes a problem with the site) that I might have forgotten to add.

But for now I want to show you what these jerks have been doing to other hapless webmasters, it is truly sad and repulsive.
Below is the link to a search I did on google for "[Name of Hackers]" (from the URL of the hacker message):

[re-editted to admit the name]

And sure enough I found amongst the results other sites using phpizabi so I am sure that is why they targeted us as well. ARRRGH!

But on the bright side I see that the webmasters of that site were able to fix it.
I am going to contact them and hear about their experience. Hopefully we can keep others from being victimised.

AND I want to say something to you hackers (if you are reading this):

Am I going to get back at you? Am I going to find some why to punish you for your deeds by stooping to your level?

No, ... I'm going to forgive you... Because it is better

But I am going to continue this topic in future posts to let others know how to protect themselves against hackers, how to report their activity to those who can stop them, and to update you with conversations I have with other victims of these same hackers.

AND that is the end of that.
Good night!

p.s. I originally made some sensational and regrettable remarks in this post. I'd like to take this opportunity to apologise for those remarks. I am sorry. That said, having part of your site hacked can make you act rather emotional and stupid.

New "virtual tour of Japan" hot search!

This search is looking like a winner.
Have you ever wanted to see what the streets and famous parts of Tokyo look like? (for those who have not yet been)

Well now you can feel like you're there with these virtual tours.

Mission: Enhance and Improve Japan-related content on the web!

If you have read some of our other posts or communicated with us via email you may know that we are dedicated to improving the Japan-related content available online amd making it more accessible.

We want to be the Google (and wikipedia) of Japan-related content, with a similar focus on transparency and "Don't Be Evil" (Google's motto).

We want to make the web a better place for Japan-enthusiasts

So we are anxious to spearhead various projects to accomplish that.

For example we want to form a group of contributors and improve the Japanese language textbooks on wikibooks.

We plan to organise these projects through a Wikia wiki. We just requested one to day, waiting for apporoval...

-Tori

Helping Foreigners in Japan

One of the most important goals of Nipponster.com is to help foreigners in Japan (and people interested in visiting, studying, or living in Japan in the future).

I know from personal experience that adjusting to life in Japan is very difficult at the beginning (even regardless of speaking ability). Some have lived in Japan for years and still find it difficult (If you don't understand that you probably haven't lived there long enough yet :)

We hope to make things easier for would-be and current "gaijin" and any feedback and ideas about how we can do that better are extremely appreciated (contact us)

I found this video about getting around in Japan (below). It's a little cheesy (in a cute way) at points but I think it's very good and this kind of video theme could be very useful for foreigners.

-Tori