Well, I found out a few days ago that it looked like this site had some malicious code injected. I don’t know how it happened and it’s the second time this site has been successfully attacked. I’m not sure if I wrote about the previous time, I guess it’s not something you advertise to the world. I know it happened when I asked a class to look at my site and some of them told me that Google was returning a “this site might be hacked” warning. What was quite interesting was that the bad code that had been injected knew when I was looking at the site and would return the standard website.
This time noticed because a load of php files had appeared where I didn’t think they should be. Friends confirmed it was messed up and sometimes redirecting to a dodgy website. After an initial panic and swearing outburst I set about fixing this problem. I was a little annoyed as recently I have moved to an external server and also set up a security certificate proving that I own the domain and website and securing communications between you and the website.
Basically I took a copy of what backup files I could. Copied the uploads folder. And then completely reset the entire website to zero. I then set about the process of rebuilding what this place looked like in its glory. This requires quite a bit of time consuming work including resetting security certificates and propagating DNS information around the world. The frustrating thing for me is the lack of upload bandwidth that I have at home. It takes some time to upload about 6GB of data to the server.
So, I think it is working again. I will check using a few techniques I have learnt over the years but I could also do with you people letting me know. Of course, if it’s still broken you can’t see this but perhaps you could let me know if you can see this.
Have fun, stay safe and be good.