Endless September

So here’s the deal. I told you all about the Jatol crash that sent me scurrying for a new host on September 4th. And you knew a little about getting the site to the new host, and up and running, which took a few days to resolve, and how the server I was on at Jatol went away right after I got all my stuff off of it.

And then I let you know about IDevAffiliate and how that program had proven to be insecure, with files that were vulnerable to spammers and phishers who were able to inject their garbage into my site and use it to send people spam e-mails and phishing traps.

So I was going to have to dump it and replace it, which I did. And the new program is a zillion times better.

But there was more. There was a lot more, and I can only tell you about it now.

See, my site carried all its weaknesses from Jatol to Downtownhost. In the many years I was on Jatol, NO ONE ever succeeded in cracking my site. This was not through any brilliance on my part, because there were a bunch of things I was doing wrong, though I didn’t know it. It was because Jatol was run by tech-savvy guys who kept their servers locked down tight.

As soon as I landed on Downtownhost, my site was cracked. I asked for help from tech support, and was told that I needed to change permissions on all 777 folders to 755, and that would fix the problem. So Margaret, bless her, spent three days of her time helping me find and test and fix every folder and file on the site that had a 777 permission. Every single one.

In the meantime, a great guy who does security checked out my site and said that although the 777 folders were certainly a problem, Downtownhost’s servers had specific weaknesses, which he listed, that made the site vulnerable no matter what I did to my folder permissions.

Worried, I passed this information on to DTH’s tech support, and was told, in hurt tones, that the security guy didn’t know what he was talking about, that he was using old software to test the site, and that my whole problem was that I had insecure folders and needed to fix them.

I did. But I was not reassured by the response I got.

And then, when Margaret and I had done everything humanly possible to ensure site security from our end, the spam email scheme and the Skype phishing schemes popped up again. Inside one of the supposedly secure 755 folders. Which meant that the security guy was right, the site-crackers were exploiting weaknesses in the server set-up and not in the file folders, and I needed to move the site. Again.

We informed DTH of the problem, and they may or may not have fixed it by now. They were, I think, working on it, because the server my site was on went crazy for a day or two. But you do not run a site that matters to you and take a pat on the head and a “There, there, this is your fault,” as an acceptable answer when you request technical support, or when you provide data from a competent source suggesting that the problem is not, in fact, all your fault, and that your host needs to get on the ball and help straighten things out. Don’t get me wrong. I really liked the DTH guys. They were friendly and they got back to me quickly when I had problems. They just didn’t get back to me usefully.

I had already received one notice from my domain name registrar that my domain name would be shut down within 24 hours if I didn’t get the phishing thing off of it. This was not an issue I could afford to mess around with.

I shut down the store again, because I didn’t want anyone’s records to get lost in the move. I shut down the weblogs and the affiliate program. Same reason. And the site wonkiness? That was me heading for higher ground with better walls.

The last few days, I have been frantically moving the site. Again. I have safely arrived, the site has resolved all the way to my new host, and I’m happy to note that, though the phishers and spammers are still trying to get into the site, they’re all failing miserably.

Go, TigerTech. And Margaret, who has put in an ungodly number of hours helping me get here, and get things up and running. There are still some bugs. I’m still fixing missing sidebars and broken links. If you land on one, please let me know.

But here’s an official welcome to the new place. Glad we all made it.

image_pdfDownload as PDFimage_printPrint Page

Posted

in

, , ,

by

Tags:

Comments

9 responses to “Endless September”

  1. zette Avatar

    And now we’re all here at TigerTech together. Your site, FM, my site, several other sites I have. . . .

    September was far too busy with this kind of stuff.

  2. Noucamp Avatar

    Hello Holly, I recently subscribed to your diary. I’m interested in writing, from UK, it’s fascinating to read a little of what goes into your works.

    Pleased to know you got your site up again. I know those “777” issues only too well! Take care. Mark.

  3. Chassit Avatar

    Wow, Holly when it rains it pours. Here’s hoping October treats you better.

  4. TJ Avatar

    Glad to hear that things are looking up. I hope that October is a much better month for you.

  5. heatherwrites Avatar

    Wow. Glad you got that fixed.

    My meager website is through (sounds like ah who, begins with a y) and I use web based email. I have no idea what numbered files mean, etc.

  6. Keely Avatar

    Wow!!! We moved? I didn’t even know my bags had been packed!!!

  7. Mo_olelo Avatar

    I really do admire anyone who is able to figure all this coding stuff, etc. out.

    I have my website on one of those that supply the templates and other features for a yearly fee that they call premium service. But I’ve thinking it’s time to move to something more fully functional. And the thought of moving things to a new host the way you have (twice now) just terrifies me.

    So Holly and your ever wonderful helpers… I do admire your skills and dedication.

  8. Holly Avatar
    Holly

    Yeah. Still critical.

    But you need server support, too.

  9. PolarBear Avatar

    Whew! So, I detect the 755 permissions are essential no matter where you are? (I think I fixed mine — I had a few.)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

9
0
Would love your thoughts, please comment.x
()
x