News relating to Wildspeak.com

[moonvoice]

Briefly:

Wildspeak.com has been hacked. Not in an obvious way to people looking, but nevertheless it has been. I'm currently talking with my host/provider to see what I can do and how they can help; but the reality is I never had the technical know-how to run a site like Wildspeak.com. Back seven years ago when hacking was less common and malware less sophisticated, this wasn't such a problem, but I'm not evolving with the technology, and that's just the reality.

I am seriously considering shutting everything down and re-opening the totem information page on something like a Wordpress blog, where they have the paid employees to do the heavy lifting when it comes to things like security.

The fact is, I just have no idea what I'm doing. I'm probably a PITA for my host, and I can't afford to pay someone to regularly look after the security of the site and the back-end in regards to coding and so on.

Just to let you know that if Wildspeak.com mysteriously disappears and then mysteriously never comes back, you know why.

ETA: My host got back to me in less than ten minutes and we've been working on it. I've changed some of the permissions, found the root folder that was hacked and deleted it, changed the password, and am keeping an eye on it vigilantly over the next two weeks. Apparently it's pretty common. That said, my old build forum may be contributing to security problems, and it might mean that I have to really look at whether I can keep the forum. BUT; we'll see.

Comments

[xmetanoiax]

*Offers hugs*. I hate that people would do something so lame, especially to such a harmless and beautiful site. I really hope you can sort it out.

I can see how moving all that information to another site would be quite the hassle, especially a site like Wordpress that, although awesome, is kind of limited for such an expanse project, but I really hope if it's your last option you have the ability/time/wellness to do so, because I do adore the site quite a bit. (Run on sentence much?)

Of course as always, do what's best for you. I hope things get sorted out. <3

[erynn]

If moving it to Wordpress or another similar site is safer and less work for you, then that's what you should do. Getting hacked sucks.

[lupagreenwolf]

Crap, that really sucks! Shouldn't your host be responsible for their servers being secure, though?

[michael]

I think it's usually standard practice for the customers to be responsible for the software they run, rather than the hosting company.

But yeah, I think it's safe to say that a bug in phpBB was the avenue for compromise.

[moonvoice]

But yeah, I think it's safe to say that a bug in phpBB was the avenue for compromise.

I'm thinking that too. :/

And yeah, the email I got from Google - of all places - informing me of the third party hack, and suggesting things to try because they 'wanted to keep my website listed,' basically listed a whole bunch of things I could do, but to contact the host for advice just in case.

[outlineofash]

Fucking hackers. :(

[paleo]

If only I could teleport my IT to you. :-(

[white_rabbit]

Christ. There have been massive hackings all over the place recently, haven't there? I didn't think they'd target smaller, personal websites though... I hope it's not too difficult to iron out with your website hosting/provider. <3

[michael]

Hacking small sites can still be worthwhile as they can be used for botnet type activities, or for boosting the google pagerank of their viagra online store by inserting hidding links and keywords into every page...

It's surprisingly common; the Luna Palace website was similarly affected a few months ago, to name one example.

[gone_fishing]

Well shit, that sucks.

WordPress isn't too bad if you want to move there. I personally like Weebly for something that isn't blogging and is more fixed articles, and you can also use your own domain there, but YMMV.

[spider_fox]

The bastards >:C

I hope things work out.

[starstrider]

=/ Yikes! That's awful. This is one of the big reasons I don't have my own website for my photo stuff yet. =/

[feralkiss]

phpBB forums are full of fail, regarding security. You may also want to consider switching to another platform, before dropping the forums completely. :)

[ariestess]

Ugh! I hope whoever did this will DIAF! I hate this kind of crap!

[goddess_incarnate]

Being hacked is such an intense violation of space and sense of privacy. There's so much trust thrust out into the internet that it's really traumatizing - to me anyway - to have your personal information corrupted. It reminds me a lot of Facebook and how people just put all sorts of info up there without even thinking about it. Or no matter how much fear people have on the macro level (ie: terrorism) people don't know how to protect themselves day to day. :/

I hope everything gets worked out. That really sucks.

[finch]

I've done pack-up-and-move-to-wordpress before. It was a fair amount of work getting everything sorted the first time but after that it wasn't bad at all.

One way or another I hope you get it sorted. It sounds like a lot of unnecessary hassle because of some hackers.

[darakat]

Hackers suck. Period.

It makes sense to move it to a blog format really, it would be simple enough to do, but take a while to get done. You could easily still have the whole "donate" stuff there and as an added bonus you have a back-end securtity who have it in their vested interest to make sure you are not hacked. One would think the host for your site would have that, but apparently its not the case as they don't get money from advertising on raw sites anymore, advertiser want content driven ads that related to the topic of things on blogs, in google searches, facebook pages, etc. Adds on sites are a thing of the past.

On a related matter I am slowly moving all my dream related stuff to a blog like format were the security is relatively stable rather than having it stored on a archaic forum (although I have no problems with it staying there till the site dies its eventual death in a few years) and it takes an age.

[elialshadowpine]

phpBB is horrible for security. We had this happen several times when we were using the software for our former writing community. My husband, who does web hosting, actually will not host phpBB forums anymore because if it is not kept absolutely up-to-date (which can be very difficult to do if you have any non-standard forum mods... and even if you don't, can still be a bit of a pain), it's incredibly high-risk for hacking.

Wordpress doesn't necessarily have higher security; it depends whether you're hosting off your own personal hosted site, or their wordpress.org free blogs. There are much less customization options off Wordpress.com free blogs, so a lot of people host their own. The problem there is that you then need to update the software yourself, because Wordpress still has to get updated like anything else. That's the problem -- there are always hackers looking to break into the latest release of Wordpress, phpBB, and other such software.

It's why my husband actually updates the Wordpresses he hosts manually, rather than waiting for people to get around to it. Most of the people he hosts are friends who aren't technically inclined and wouldn't know how to go about doing it (hell, while I'm versed in theory, I don't really know how either), because he's the one who ends up having to clean up the mess if there's a hack.

[scatteredshells]

This, too, really fucking sucks. I do hope you are able to find a solution which includes keeping the forum, but I completely understand if that's not how it goes.

[redsixwing]

Oh noes! I'm sorry the site got hacked, and what a lousy way to find out about it.

[filhotedelua]

If theres something us that uses the site a lot help, just tell. Your work is wonderfully helpful and is very unfair that wildspeak suffer any kind of attack.

(it's lobamanca here,from the forum)

[shistavanenjedi]

There was a massive spam account problem on one forum which I was a moderator of. It was so bad that we had to close applications to join so that we could look at them before we approved them. Problem was, there was so much of it that it was vary difficult to sort out genuine new sign ups from the spam and no doubt a lot of new people had their accounts deleted (I did post a message telling people to e-mail a moderator with their account name and e-mail so that they could be found and approved, but people don't always read these things or act on them) and I'm sure it killed the forum.