Super quick WordPress exploit stopper

I got an email yesterday from my host (DigitalOcean) that I was running a phishing website. So, I’m not, but I quickly guessed what happened: my WordPress got hacked. This is just one of the risks of running silly little PHP apps. I logged in, deleted the themes directories, reinstalled clean ones, and ensured this doesn’t happen again by doing the following:

  • useradd apache_ro
  • chown -R apache_ro:apache_ro $WP/wp-content/themes

Now apache can’t write to those directories. This means you can’t update WordPress via the web UI, but I’m ok with that.
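A way to check that the chown above actually closed the door, as an added example that is not part of the original post: the function lists anything under the themes directory that the web server account could still modify, because it owns the path, because its group has write access, or because the path is world-writable. The account and group name `apache` in the usage comment are assumptions (the CentOS defaults); substitute whatever your web server runs as.

```shell
#!/bin/sh
# Added example: list paths under a themes directory that the web server
# account could still modify after the chown shown above.
# Arguments (all assumptions about your setup):
#   $1  themes directory, e.g. "$WP/wp-content/themes"
#   $2  user the web server runs as (name or numeric uid)
#   $3  primary group of that user (name or numeric gid)
audit_themes() {
    dir=$1 web_user=$2 web_group=$3
    # Symlinks always report mode 777 on Linux, so skip them.
    find "$dir" ! -type l \( \
            -user "$web_user" \
            -o \( -group "$web_group" -perm -020 \) \
            -o -perm -002 \
        \) -print | sort
}

# Succeeds (exit 0) only when audit_themes finds nothing.
themes_locked_down() {
    [ -z "$(audit_themes "$1" "$2" "$3")" ]
}

# Usage (assumed names):
#   audit_themes "$WP/wp-content/themes" apache apache
```

Any path it prints is still writable by the web server despite the ownership change; a leftover `chmod 777` from a plugin or an old install guide is the usual cause.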

Digital Ocean – First Impressions

For the past few years I’ve been hosting this site on an old desktop in my basement on my FiOS connection. This was one of the things I really liked when I switched from Cablevision to Verizon – they don’t block port 80 inbound, so I didn’t have to pay for separate hosting. My “server” was an old AMD desktop with 1 gig ram and a sata drive. It was ok; my site was slow but I was ok with that. I configured Nginx to cache the static assets which sped most things up to “ok” levels but it was never fast.

This setup had a bunch of problems though, and the biggest one was power. Namely, it goes out in my house all the time. I probably have 4 or 5 brief outages each month, and my old box doesn’t come back up properly on reboot (some bios conflict with an eSATA disk I have hooked up to it). Plus, since my basement became a huge bathtub during Sandy, my site was down for about a month, but that wasn’t really a big concern at the time.

Anyway, via a “Promoted Tweet” on Twitter I found Digital Ocean, a VPS provider with rates starting at $5/month for an SSD-backed VM. They also had a promo at the time for a $10 credit, so I figured I’d give it a try.

Account creation was simple and I didn’t need to enter my CC until I actually created a server (“droplet” in their parlance). Server creation was pretty trivial: select the OS image (I chose CentOS 6.4 but they offer Ubuntu, Arch, Debian and Fedora as well), the size (512 MB ram through 16 GB), the region (San Francisco, New York, or Amsterdam), enter a hostname and your SSH pubkey. In about 60 seconds your server is ready to go, with a public IP and everything. My VM has a 20 GB disk and the base OS install was about 900 MB. I installed Apache, Nginx, MySQL and some other stuff, then dumped my WordPress DB and uploaded it to the new VM and copied the entire Apache docroot over as well. Within about 30 minutes of spinning up the VM I had everything up on the new box, and I made the DNS changes shortly after that. Pretty straightforward.

It’s only been a couple of days but so far I’m really liking the performance. My site doesn’t get a lot of traffic to begin with, but since I cache most stuff to disk, and the disk is SSD, it’s really quick. I’ll keep an eye on it but so far this is looking like a great choice for small website hosting. The only thing is I’ll need to set up some sort of offsite backups, but I can just cron an rsync to my home machine for now.

Blog rename again

I hate calling this site “Evan Hoffman’s Blog,” but it seems that when I Googled my own name most of the results were about this guy. So let me just clarify… that’s not me. I enjoyed having the title be obscure lyrics from songs I love but drastic times call for drastic measures. And let me tell you… renaming a blog is serious business.

Chaos theory and Google’s crawler

I’ve been moderately perplexed by the recent spike in traffic on basically unrelated keywords. Apparently this site is currently the #5 result for “fedora 15 beta download” despite my having never written about Fedora 15. In an attempt to funnel people to a useful page I created the previous post with links to the FC 15 ISOs. I feel bad if people come here looking for an answer that’s not to be found.

In looking into this issue I searched Google for the keywords and saw this:

evanhoffman.com is blockable

There’s a “Block all evanhoffman.com results” link under my site, but there’s none under any of the other sites. What the hell? Does my site somehow qualify as a spammer or content farm? Why do I get this dubious distinction? Ugh.

Traffic spike

Somehow this site became the top Google result for two different searches, “Shogun2.dll appcrash” and “fedora 14 gnome3”. My theory is that Google’s indexing the referring keywords listed in the widget on the right, causing a snowball effect. But the rise in traffic this year has been dramatic, especially for a site really about nothing.

Traffic 2011-02-01 to 2011-04-08