PERSONAL

1

1,292

Site issues - Resolution!

4 years ago - Edited 4 years ago213 words

The site's been back for a few days, but I wasn't sure the root cause of the issues had been addressed. Now I think it has been!

My webhost's support got back to me again after several days, and let me know that there was a security vulnerability in my code which essentially let anyone load any arbitrary url into the pages, which they were doing to hijack the mail server's resources for their own nefarious ends.

It's embarrassing, since the issue is one that I had code to prevent way back on Fig Hunter, but for whatever reason I'd neglected to add it in this iteration of the site. I've added it now, obviously!

Once I knew what was going on, it took less than five minutes to patch up the hole. It's actually good to know it was just some coding mistake on my part rather than something more sinister.

This probably also explains how the dodgy control panel things got into my site's files; they didn't have FTP access directly, but must have used some generic thing that looked for any folders called 'screenshots' - a common name - and uploaded into them.

So hopefully that means it's fixed now. Good! I'll probably write a couple of new posts tomorrow.