Endless September

By Holly Lisle

So here’s the deal. I told you all about the Jatol crash that sent me scurrying for a new host on September 4th. And you knew a little about getting the site to the new host, and up and running, which took a few days to resolve, and how the server I was on at Jatol went away right after I got all my stuff off of it.

And then I let you know about IDevAffiliate and how that program had proven to be insecure, with files that were vulnerable to spammers and phishers who were able to inject their garbage into my site and use it to send people spam e-mails and phishing traps.

So I was going to have to dump it and replace it, which I did. And the new program is a zillion times better.

But there was more. There was a lot more, and I can only tell you about it now.

See, my site carried all its weaknesses from Jatol to Downtownhost. In the many years I was on Jatol, NO ONE ever succeeded in cracking my site. This was not through any brilliance on my part, because there were a bunch of things I was doing wrong, though I didn’t know it. It was because Jatol was run by tech-savvy guys who kept their servers locked down tight.

As soon as I landed on Downtownhost, my site was cracked. I asked for help from tech support, and was told that I needed to change permissions on all 777 folders to 755, and that would fix the problem. So Margaret, bless her, spent three days of her time helping me find and test and fix every folder and file on the site that had a 777 permission. Every single one.

In the meantime, a great guy who does security checked out my site and said that although the 777 folders were certainly a problem, Downtownhost’s servers had specific weaknesses, which he listed, that made the site vulnerable no matter what I did to my folder permissions.

Worried, I passed this information on to DTH’s tech support, and was told, in hurt tones, that the security guy didn’t know what he was talking about, that he was using old software to test the site, and that my whole problem was that I had insecure folders and needed to fix them.

I did. But I was not reassured by the response I got.

And then, when Margaret and I had done everything humanly possible to ensure site security from our end, the spam email scheme and the Skype phishing schemes popped up again. Inside one of the supposedly secure 755 folders. Which meant that the security guy was right, the site-crackers were exploiting weaknesses in the server set-up and not in the file folders, and I needed to move the site. Again.

We informed DTH of the problem, and they may or may not have fixed it by now. They were, I think, working on it, because the server my site was on went crazy for a day or two. But you do not run a site that matters to you and take a pat on the head and a “There, there, this is your fault,” as an acceptable answer when you request technical support, or when you provide data from a competent source suggesting that the problem is not, in fact, all your fault, and that your host needs to get on the ball and help straighten things out. Don’t get me wrong. I really liked the DTH guys. They were friendly and they got back to me quickly when I had problems. They just didn’t get back to me usefully.

I had already received one notice from my domain name registrar that my domain name would be shut down within 24 hours if I didn’t get the phishing thing off of it. This was not an issue I could afford to mess around with.

I shut down the store again, because I didn’t want anyone’s records to get lost in the move. I shut down the weblogs and the affiliate program. Same reason. And the site wonkiness? That was me heading for higher ground with better walls.

The last few days, I have been frantically moving the site. Again. I have safely arrived, the site has resolved all the way to my new host, and I’m happy to note that, though the phishers and spammers are still trying to get into the site, they’re all failing miserably.

Go, TigerTech. And Margaret, who has put in an ungodly number of hours helping me get here, and get things up and running. There are still some bugs. I’m still fixing missing sidebars and broken links. If you land on one, please let me know.

But here’s an official welcome to the new place. Glad we all made it.

Contents © Holly Lisle. https://hollylisle.com All Rights Reserved