It’s been a frustrating time for anyone even vaguely interested in reading this blog: it’s been up and down like a yo-yo. My apologies.
Last Thursday my account was suspended by the hosting company, on the grounds that it had been reported as a phishing site. To my shock they were right. So the site was taken down, passwords changed, the offending file was located and removed, and, with a little help from friends, the site was brought back up.
I then decided to upgrade to WordPress 2.5.1 to try and improve site security. With a wobble or two, we got there.
Then on Sunday my account was suspended for a second time. This time for trying to send over 500 mails an hour. Something was rotten in the state of my blog.
So there was nothing else for it. Zap the blog. Reset everything. Start again from scratch. Hope the backups work. And again, with a little help from my friends, it was all right on the night.
There were many offers of help, many who did help, particularly at i-together and at osmosoft. You know who you are. Prepare for dinner. Sumptuous ones.
All this made me think. Common civility requires us to stay away from groups and crowds when we’re infected with physical viruses like the common cold. The same is true for the devices we attach to the web, and for the assets we deploy on the devices.
JP,
I had something similar happen to my blog a few months ago: nefarious scripts on pages that were dropped into my /images folder were causing my account to be suspended by my hosting provider. I keep a pretty good eye on things now, but am very concerned about the state of insecurity in the blogosphere.
Not fun! Gave me flashbacks to the time I discovered Digital had left back door service accounts on all the VAX machines, which various folks had been using…
Default permissions are much better than they used to be, but security is still much of an elite art – definitely not plug and play!
Must have been awful JP – good luck
Computer security is one of those things that requires a holistic approach and demands you never rest on your laurels for long. If you are not setting strong passwords and changing them periodically you are checking for updates to your software and looking out for new attacks. Many do fine without taking such measures, and of these some are keen to remind me of this. But just like insurance you never need it, until you need it. In any case all this is rather obvious, but still I have to admit that despite this I have myself been caught out in the past.
Of course you get operating systems that have a reputation for being more secure, such as OpenBSD and OpenVMS (without default service accounts!). But the moment you add applications you introduce attack vectors. And even with managed solutions the same can be true once you start to customise the stock configuration.
You would have thought a lot of this would be sorted out by now and we could take security for granted, but if anything the situation seems to get worse. And I’m not sure what the answer to the wider problem is.
In terms of your situation it might be worth installing Tripwire or some other form of intrusion detection system, so that if another attack occurs you at least get early notification and more clues as to the attack vector employed.