Things have been a little quiet around here recently, and hopefully that is a good sign. A few weeks back there was a small security breach on my webserver, and it looks like several CMS components were easily compromised. Does it help that the sites were up to date? Not really!
For better or worse, Google was among the first to notice and alerted me via email and webmaster tools. On the downside, this warning was also published in their search engine results under the title of my web pages.
After identifying, locating, and destroying the infection, I requested a site review and got the warnings cleared. Unfortunately, I’m not sure if the web search rankings are back yet.
So anyway, I have been busy at work here recently, but the plan is to build up a new and more secure server that is a bit beyond the typical shared hosting environment. Things are slightly still up in the air though, so I will fill in the rest of the details just as soon as everything is locked in to place.
In short though, removing the problem files once won’t be enough if the server itself isn’t secure. So I’m in the process of relocating to a VPS in a no-frills LAMP that only connects through SSH or SFTP. Passwords won’t be stored locally, so no one is going to be able to go fishing for FTP passwords.
I’m learning a lot very quickly, but I’m also learning that this solution isn’t for novice users. However, since I’ve been hosting and building websites for about three years now, the transition honestly hasn’t been too bad. Like I said, I’ll have a lot more details here shortly.. so stay tuned!