I made a post already about this in my site updates section but I just want to talk a little bit more about what’s going on because a lot of things don’t work right now and I lost a lot that I’m going to have to rebuild. I’m fortunate to have been able to salvage as much as I did.
So about a week ago, my site was hacked. I don’t know how they got in. I thought I made my server secure and my website secure but someone or a bot managed to find a vulnerability and hacked my site. I found out from an email notification I didn’t see until about 10 hours after the fact saying that the password on my admin account was changed. So the very first thing they did was try to lock me out, which didn’t work. I got back into my site, and when I did, the first thing I did was check the users panel, where I saw A BUNCH of new admin accounts. I deleted them all, not that it likely made any difference. And obviously, I changed my password. Second thing I checked were my plugins, which, I saw they installed code snippets and were messing around with my site. Third thing I checked were my file uploads, where I saw an exe file. I took my site offline and thankfully had a lot of old backups saved, which, I restored my primary site backup and my main site backup, but I held off on saving my backups for my library subdomain and my cottage subdomain, which I sorely regret now, because I’ve lost them. I haven’t totally lost them… I still have the latest version of my site on my raspberry pi, but it’s highly likely my files are infected so I can’t restore them or else I risk compromising my site again.
Right now, my primary domain and sovereignweb subdomain are running on old backups I had from March. I had old backups for my other subdomains, but I had a script running that automatically deletes my old backups after a certain period of time, and of course, I forgot to turn that script off and my old backups got replaced with new compromised backups. I think whoever hacked my website also managed to compromise my raspberry pi, because upon restarting it, a lot of errors popped up. I’m going to have to wipe it. The only reason I haven’t yet is because I’m having a really hard time letting go of my Library subdomain and my Cottage subdomain. I have all of the files for those subdomains included with my primary backup, however, I’m completely missing the sql databases for those two subdomains, which means I’m going to lose all of my posts, all of my pages, everything that gets logged in those databases will be gone. I still have the OnionRing files for The Book Ring and the Free Speech Webring, but both of those webrings currently need redirects in order to be working again. So they are down for now until that gets done. I won’t be rebuilding my Town or Library subdomains again. I will be moving the Library to my primary domain, but in order to not disrupt my webring members, I will need to create a subdomain to link those files to, even if no databases are associated with it, which I don’t think will be too hard, just annoying. But the Library pages will need to be completely built from scratch. Cyrus, will need to be rebuilt from scratch. I’m going to have to completely redo the new webring system I started.
I’m trying to look on the bright side of things. Like, this could be an opportunity to completely redesign the Library and the parts of the Cottage I was planning to move over. Right now I’m moreso just struggling to find the motivation because losing 2-3 years of work is brutal. I’m just going to take my time though and wait for the inspiration to strike. Lately I’ve just been trying to force creativity when my heart isn’t in it, and I think that ruins creative hobbies for me. I just need to pull back for a bit and find my spark again.
To anyone who’s part of the Free Speech Webring and The Book Ring who might be reading this, your webring widgets probably aren’t working. They will again once I get around to fixing them, there’s nothing you have to do on your part. I’ll get to it soon.