Mea Culpa!! I got a notice yesterday (it may have actually come in Friday night, I don’t remember) that a hacker had planted a phishing page on our website. I had, unfortunately, stopped being quite as diligent about looking at the logs from the website on a regular basis. I’ve looked at the logs since then and I believe I know how they got the content on here. I’ve changed the password I believe they cracked and removed the stuff they uploaded. I also tightened up some permissions, removed the remnants of the old website that I had left sitting around “just in case”, and generally did some housecleaning. In the process, I noticed what looked like it might be a group of bad guys that were scanning the site. I started to make some modifications to block the block of addresses that this somewhat suspicious activity was coming from, but got interrupted and didn’t get back to it. Unfortunately, what my half-finished attempt did was make the entire website unreachable to the entire internet. In the process of these cleanups, I also setup an automatic site monitor that e-mails me when the site is unreachable. Of course, I got the e-mail immediately that it was unreachable, but I thought that it was just some side effect of the setup and that it would report back that it was reachable the next time it checked. I again got busy and forgot that I never got the e-mail that it was back up. This morning at church, I wanted to go check the sermons page (this is part of our regular Sunday morning routine for recording the sermon) and got a message that I didn’t have permission to the page. Hmm…  I checked the front page, same thing. I came home and did more hunting around and finally (after much longer than it should have taken) I noticed my half-finished attempt to block the suspicious traffic. I’ve removed that and the site is up and running again. I’m sure there are lots of lessons I could learn from this, but it just proves I’m human, too. My apologies to anyone who tried to reach the site over the last 22 hours or so. If you have problems with the website in the future that persist for more than an hour, please e-mail webmaster@graceucclancaster.org
—Jim