Introducing SomeRandomNerd.net

So, de-hacking my server, patching up holes, reinstalling software etc. is going to take a bit of time. Which raised the question of what I really wanted to do with the whole thing.

I was using Drupal as my CMS. While it was fun to set up and tinker with, frankly I'm bored of maintaining it, looking for 3rd party plugins to do what I want to do, installing updates etc. So I started thinking about alternatives.

Wordpress - see Drupal. Self-hosted, it still needs a fair bit of maintenance and looking after (and being widely used, is quite a big target for hackers. Some of the hacks that hit my Drupal site are actually Wordpress hacks – so I don't think they actually had any effect, but presumably would have done had I been using Wordpress.)

I could build my own custom CMS (which I've done before) - but I know that it will always have rough edges that I will probably never get around to polishing. (See: MyElectronicBrain.com) and I think I would rather be trying to do something new with my time than redesigning the wheel – at least for my 'main' website.

Tumblr - Its free. It has lots of 'social stuff' going on. Its up and coming (if not 'up and already here')… but to me, its not clear where it's going. And it isn't 'mine' – I don't have full control over everything. While I do have a Tumblr blog, I don't think I want it to be the 'hub' of all my online activity. (And it bothers me slightly that I don't really understand their business – the whole thing that 'if you aren't the customer, then you're actually the product' comes to mind…)

Squarespace - I know that I am the customer, and I understand what I'm paying for.

The downside is that MarsEdit doesn't work, which is a shame. But it seems to do everything I want to, and seems to have lots of flexibility for developer/designer tinkering. The iPhone app looks very good, which is helpful for posting short notes & links.

So, I've signed up for a year. I do plan to get the old SomeRandomNerd.com website up and running again – at the very least, so that I can get all my posts out of it and maybe put them here.) So dealing with remapping URLS etc. is something I'm probably going to have to deal with at some point. But it doesn't sound like a fun job, I don't have a lot of time on my hands at the moment, and I don't want to do a rush job of it.

So in the meantime… Welcome to SomeRandomNerd.net!

Info
Written by Scott Thompson On

Hacked again...

On receiving an email from Google Webmaster Tools earlier today (14th Jan 2013) telling me that my 'old' website (at somerandomnerd.com) was serving up malware, the first thing I did was yank the website offline and put up this holding page (a bare HTML file) and start figuring out what the problem was.

(At least, that is what I thought I had done. But because my browsers weren't letting me visit the actual website - because Google was reporting it as containing malware - I couldn't see what was happening.)

So, the first place I looked was my Theme files- the ones that actually generate the HTML code that gets served to visitors. Sitting in my custom theme was an iframe, which linked to what looked like a Wordpress update script (judging by the URL), sitting on a .ru domain name. As my CMS is not Wordpress, this looked pretty obviously out of place.

(The slight worry is that I do have Wordpress installations on my server, so I'll be checking them over for any issues- as anyone/thing that can rewrite one file might be able to rewrite another.)

The second place I happened to look at also had a nasty, foreign iFrame. As did the third. So, some script has clearly run through my server, found every file that looks like it generates an HTML page, and made it do something I don't want to do.

It was about this point that I decided to check to see if this page was appearing instead of the compromised page by visiting it on my phone - which promptly bounced around about a dozen different URLS, before landing on some dating site. (As you can see, I've fixed that problem. At least for now.) The second problem turned out to be a modified .htaccess file (which is a file that usually is used to tell the server what to do if unexpected things happen – if pages have been moved, '404 page not found' errors etc.) which had been changed to redirect any visitors to a different site. An easy fix once you know what the problem is, but not (for me) a simple problem to find.

Annoyingly, my home router broke down yesterday, so I don't have a broadband connection at home. Meaning that I'm having to figure this out (and fix what I can) over a mobile connection. Oh- and mobile coverage of my house is hit and miss, dropping in and out pretty much at random. Which makes it even slower and more frustrating than it would be otherwise. (Also, as an added bonus, my 3 and a half year old son decided against sleeping this evening.)

So, right now I'm wondering if I can be bothered with the effort of ongoing server maintenance etc, and just moving everything to Tumblr or Squarespace or something where I don't have to worry about security, spammers and malicious scripts, and can just get on with writing things that I never finish again.

At least I know what I'm doing with that...

Info
Written by Scott Thompson On In