bjoreman.com was hacked

And it was at a very good time, too.

Yesterday my web host emailed me. They told me access to the public HTML folder had just been shut off, the reason being that I had not responded to their previous contact. Must have landed in a spam filter somewhere. In any case, shut out we were. With good reason too: my web host had done a security scan and discovered some highly suspicious files hanging out in different places.

Nicely, nobody messed around with my files. Instead they opened the site for access from my home IP address so I could go in and clean up myself. I fired up Cyberduck, downloaded the listed strange files, deleted them from the server and then told my host things were clear at which point the ran their scan again and opened the site back up. I kept going by downloading and deleting a lot of other old cruft - test pages, old databases and FTP accounts.

The good timing part of all this is that I moved to this incarnation of the site a few months ago. This thing is generated on my own computer and then uploaded as static, stupid pages. Thus, the whole PHP, MySQL and duct tape framework that is the previous version was already going into semi-retirement, making removing anything unused feel that much easier. I am even thinking about removing the whole site altogether, but that feels a bit like overkill. I like things to stay in place, if nothing else then for myself to link to every now and then.

I think what I will do is shut it down more and more, removing most or all of the editing features, essentially making the site read only.

I am kind of looking forward to writing one last "Closed" notice before uploading a version which removes all editing functions.