I have really mixed emotions about being hacked this afternoon.

On one hand, it kinda made me proud, in a perverse sort of way.  Sure, it was my own damn fault for not keeping the backend up to date, which is indicative of my “maintenance laziness.”  You can ask my wife about that.  Give me something to build, or a good problem to gnaw on, and I’m happy as a clam.  But to maintain something, day to day, that bores the bejeezers out of me.

I haven’t been doing a lot of webwork lately.  So it was nice to see I still have the chops to rebuild a CMS from scratch, get a bunch of extensions playing nicely together, and get a modified theme up and running in a matter of a couple of hours. Even though the site looks almost exactly the same now as it did before the hack, behind the scenes there were some not insignificant changes.   The “video” plugin is different, just for one example.  That meant that I had to go back and change the semantic structure of the posts with embedded videos.  A few other changes meant I had to rapidly assimilate changes across multiple posts.  The “theme” didn’t quite play nice with the updated backend at first, but I was able to quickly nail down the bulk of those glitches as well.

Also, there’s the satisfaction of “beating the hack.”  Sure, my site was kerflucked for a bit, but once I spotted it, I was able to quickly mitigate the damage, without losing any data.  Screw you, nameless, faceless hacker.  My site will survive.

The other side of the coin is being annoyed, on a couple of different levels.

First, it pisses me off that people think it’s Ok to mess with someone else’s website.  It’s the same mentality as physical vandalism.  A fundamental lack of respect for things that belong to other people.

But it goes beyond that.  The motive for the hack was financial.  They wanted to take over the site to serve up spam, and create a link farm to game the search engines.  This site, while not exactly about high ideals, isn’t about making money.  Someone basically came in, messed up my hobby shop, and tried to turn a buck off it.  That’s annoying.

Second, it’s a reminder that web security is a constant, moving battle.  This site was as secure as I could make it at the time I first set it up.  But new vulnerabilities are constantly cropping up.  Yesterday’s secure has no relevance 48 hours later.  I don’t have the time or patience to constantly update the backend with every security patch that comes along.  I already waste a couple hours a week trying to keep my home network and computers secure.  Adding on this site (and a couple others that will remain nameless) to my list of weekly computer security chores takes away from time I could be, you know, enjoying life.  Doing things like building and firing off rockets, going to fireworks festivals, playing video games, and (most importantly), cuddling with my wife.  Just to name a few.

Anyway, I’m off to do a couple of those things now.  I’m thinking cuddle, game, cuddle.  I’ll back up my database before I do, so if someone decides to hack this while I’m off enjoying life, I’ll get around to rebuilding it all over again.

Something to say?

%d bloggers like this: