After years of manual tweaking, maintenance, sub-par hosting, outages and hacks I decided to pull down my long running website (this one) and switched to a local install of WordPress. The goal: to eliminate a lot of pain doing software upkeep and to eliminate an attack vector for opportunistic internet individuals looking to make a quick buck.
Did it work? Well the site you are looking at now is all static pages, so there’s nothing more to attack. All scripts and executable code has been removed to my local install where it is relatively safe, then it is rendered out to plain HTML and uploaded here. From what I can see, the amount of attacks and issues that I previously experienced have already gone down.
However, there is this nice reminder of the old times, which arrived in my inbox just 24 hours after this site was updated:
I nearly fell out of my chair when this arrived. Not only did I just change up everything that could have been “hacked” into on the site, but this was a straight up extortion email asking for USD $2000 in order to “keep from destroying my reputation” based on information they somehow found in my “sites database”. Which wouldn’t normally be funny except for the fact that the site has neither a database nor any reputation damaging information on it.
It’s a nice reminder that the internet can be a pretty nasty and inhospitable place if you are running insecure or badly managed services on it. So be careful out there, kids.