Last night I was trying to finish up some stuff for a small client so I’d have everything they need done by the end of the month. It was kind of a trial as I upgraded their site to use Slimbox 2 and was running into an issue that was totally messing me up. It turned out to be a directory permissions issue. While I love Safari, it could have been a bit more clear about the fact that it couldn’t read the files in a certain directory. That is, when you say it took “this long” to read a file, I tend to assume that you actually read that file. Never assume.
I was just finishing up and looking forward to some TV when I noticed some links at the bottom of the pages. Oh great, the site had been hacked. By a hacker who had a lot of time on his hands. The hacker had gone into my custom code and found the exact place to include his links. I was amazed. Luckily, he was very clean about it, and since I use Subversion to track all my code, I just deleted all the files in the directory and copied the right ones back, changed the passwords, and did some other stuff.
From the looks of it, I think the user had full access to the account. The passwords were on the weaker side and I left them that way because quite honestly this isn’t a site with that much traffic. There’s no customer data stored on the site or anything like that. I can’t imagine it would have been worth his while to hack it. It’s also a site that’s clearly maintained, so I just don’t see the point. But it took me a while to deal with it. Now the passwords are ridiculously strong.
I really don’t like the web host this customer is using. It’s Lunarpages. They don’t support sftp, or ssh, or any number of other things and they’re all around lame. So we will be moving the site to a new host soon.
I used to be more easy going about this, if customers had a host, I wouldn’t try to get them to change, but now that I have a host that I know is economical, secure, and easy to use, I think I’ll be more likely to suggest the switch. It’s easy enough to cost justify, and will save all of us pain in the future.
Submit a Comment