What Happened on August 16
WARNING — TECH TALK AHEAD
In the early morning, I believe that there was an incursion which took the site offline.
This was the 4th incursion into the site; I didn’t tend to it immediately, but I was able to restore things by around 26/August; most of the restoration came from restoring the backup. The backup dated to early winter so I redid the lost pages (you will notice the -2 in the titles of the new versions).
Of the 4 incursions into the site, this was clearly the most pointless; nothing was achieved except to make the site unviewable. Specialized files were created that kept users from accessing the site’s content. I ended up removing over 1500 of these files (thanks to the creators of the WinSCP software). Initially that did not work, so I restored content from the last backup and a few other folders. The site came back but stopped soon after, and I discovered that non-WordPress folders were also affected, so I had to remove another bunch of files. I suspect that had I been aware of these other folders, I might have been able to bring the site up without restoring folders from backup.
When this sort of thing happens it is important to avoid seeing yourself as a victim. You can almost always find out what sort of security lapses are the cause. Here are the security failings that led to the 16/August incursion:
- Backups
  - I typically back up when I install a new level of WordPress.
  - This is not enough; the new policy is to back up after every second page is published.
- WordPress Upgrades
  - This was truly laziness on my part.
  - WordPress updates frequently but features rarely change; the reason is that the updates are based on security problems. I would routinely allow as many as 10 updates to go uninstalled. The new policy is to update every time WordPress releases a new version.
- PHP Upgrades
  - This is actually laughably easy to manage using cPanel, but I had to figure that out.
  - WordPress warned me that I was out of date but I waited to resolve it. The new policy is to check for updates periodically.
- .htaccess
  - This is the name of the files that proliferated on the site … they are still appearing from time to time; I will be diligently removing them as they appear before they make the site unviewable.
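An added example, not part of the original post: a Python sketch that inventories every `.htaccess` under a document root, including the non-WordPress folders mentioned above, and flags identical copies that are not on a reviewed list. The file contents, folder names and the `min_copies` threshold are constructed assumptions.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Constructed sample contents; the post does not show what the files contained.
REVIEWED = b"# BEGIN WordPress\n# (reviewed rules restored from backup)\n# END WordPress\n"
DROPPED = b"Require all denied\n"  # stand-in for an access-blocking file

def inventory_htaccess(root):
    """Group every .htaccess under root (all folders, not only the
    WordPress ones) by the SHA-256 of its contents."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        try:
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        except OSError:
            digest = "unreadable"  # still worth a manual look
        groups[digest].append(path)
    return groups

def unexpected_copies(groups, reviewed_hashes, min_copies=3):
    """Identical files that are not on the reviewed list and sit in
    min_copies or more directories: the proliferation pattern."""
    return {d: sorted(p) for d, p in groups.items()
            if d not in reviewed_hashes and len(p) >= min_copies}

def demo():
    """Build a constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"": REVIEWED, "wp-content": DROPPED, "wp-includes": DROPPED,
                  "wp-content/uploads": DROPPED, "old-site/images": DROPPED}
        for rel, body in layout.items():
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            with open(os.path.join(root, rel, ".htaccess"), "wb") as fh:
                fh.write(body)
        reviewed = {hashlib.sha256(REVIEWED).hexdigest()}
        found = unexpected_copies(inventory_htaccess(root), reviewed)
        return {d: [os.path.relpath(p, root) for p in ps] for d, ps in found.items()}

if __name__ == "__main__":
    for digest, paths in demo().items():
        print(digest[:12], len(paths), "copies")
        for p in paths:
            print("  ", p)
```

Run against a real document root, the reviewed set would hold the hashes of the `.htaccess` files restored from a known-good backup.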
With this message, I’ll return the Preview Page to normal operation.