hontou ni Stripey Insists Sisters Cry Oniichan Now

24 Jul 09

Hontou ni Fort Knox this isn't


Coming to you soon via every nook and cranny!

While hosting your blog on your own domain is nice in terms of the latitude to customize, it's a bit of a pain when it comes to ensuring security, especially when problems come in all shapes and sizes. The destruction of Heart's Content was one of the more dramatic negative demonstrations of this issue.

More recently, super rats reported that Happy Soda had been bot-hacked. A few weeks ago, my anti-virus program stopped me from visiting Mega Megane Moé because the header.php was infected with Trojan-Downloader.JS.Iframe.atl. Having had some experience with a similar problem, because a certain someone rolled back his WP install when he didn't like the way his theme looked after I had performed the (pre 2.7) upgrade, I gave a shout out to CCY via MAL and the problem was sorted out pretty easily.

The standard advice includes:

  • Keep your WP installation up-to-date
  • Download themes and plugins only via WP.org as far as possible
  • Back-up, back-up, back-up

But it is to my great consternation that, despite the above, the Holy Empire of Hontounia is being plagued by some kind of pharmacy hack injection attack that has installed a sub-directory under the root twice over the past three days. The sub-directory advertises anime porn.

While I love my hentai stuff, I don't really appreciate having a neon billboard attached to the front of my house without my permission and without me getting a cut. Not being able to close this loophole has been rather vexing, partly because, according to a certain personality test, I'm the type that goes nuts about these kinds of things. But also because I'm not able to blame Stripey this time.

Feedback and advice would be greatly appreciated.


Comments (5) Trackbacks (0)
  1. It’s a bit of a hassle to secure your blog. I have been mulling over quite some time before I took the plunge and set up my blog live. (I wasted 5 months mulling over how to secure the damn host, then I realized, “This is Dreamhost, fuh’god’s sake. Just do massive back-ups every twice a month, and you’d be alright!” And, yes, hosting my blog over Dreamhost is failure. Could you recommend me a better web host plskthxbai.)

    There are many ways to perform a basic secure of your blog and your host, but I am too lazy to find out.

    (I know of .htaccess access restrictions, permissions settings on the individual [sub]directories in your FTP, and a few more PHP codings within Wordpress to add an extra layer of security. Heck, one can theoretically set up an SSH root onto the file server so that you can securely connect, but I’m just a casual blogger, not a power-programmer.)

  2. I haven’t tried the plugin yet, but I did find this thread interesting.

  3. There’s plug-ins to easily schedule backups, it doesn’t take much effort so pretty much anyone self-hosting should do this.

  4. I fled Dreamhost a year plus ago but the quality of my current host (ANhosting) also deteriorated somewhat after the owners sold out to O2. It’s still a tad better than my final few months experience with Dreamhost though.

    I’ve got no IT background so I’m always leery about fooling around with .htaccess and PHP but thanks very much for your suggestions.

  5. Thanks Kabitzin. Looks promising but I’d like to wait until things become a little more tried and tested (and easily comprehensible to non-developers) before installing ‘em plugins.

