We decided to go on a long weekend family vacation to the Wisconsin Dells area -- it's about four hours by car from where we live in Minnesota. We'd stayed there once (overnight) with the kids while en route to Chicago last year and decided we wanted to go back for a bit longer. It was a great weekend and overall the boys were pretty good.
I didn't take my laptop with me so borrowed my sweetie's laptop a couple of times to check email while we were there. Nothing too dramatic until I checked on Sunday night.
Apparently a hacker had found a way to conduct phishing expeditions using my website (which ran on a system called PHP-Nuke) and as a result my webhost suspended my account.
I sent the webhost's support people an email asking why my website was suspended and only got the response that I had violated the terms of service. No detail. No explanation of what I needed to do to fix things. And of course I was locked out of my account so I couldn't change things even if I wanted to.
Well, we finally got home from our long weekend today (Monday) and I spent an hour on the phone with the webhost's support people -- most of that time sitting on hold of course. The support guy checked things out and talked to their security person (who apparently was being run ragged today with issues) and told me about the phishing problem. I told him it had to be a hacker as my site is just a personal website with no interest in things like hacking. The support guy explained about the security problems with PHP-Nuke (and basically anything that uses PHP) and suggested I upgrade my PHP-Nuke to the latest version, or else migrate the system to something more secure.
I tried doing just that in the past because I was concerned about the security problems I've heard about PHP-Nuke, and had no end of headaches with the attempts. Basically there doesn't seem to be an easy way to migrate my current content to a new system. Even updates to newer versions of PHP-Nuke don't work well as it seemed to consistently corrupt my content. So it looks like I have to figure out how to manually move my content into some other presentation system for my website.
In the meantime, I've taken a full backup of everything from my site and have taken the site offline. In its place I have a bare-bones HTML page with no PHP or other fancy code whatsoever so that visitors to my website at least see something and know that I'm making changes to the site.
What a headache!
If anyone has suggestions for migrating a PHP-Nuke site to something more secure I'd love to hear it. I've tried doing a migration to Drupal with very limited success. As it stands now I will likely have to create my website from the ground up using something else, and will just have to recreate the content one piece at a time rather than attempting some sort of migration from the old PHP-Nuke.
![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small}
bgruagach) wrote,
Bjork's Aurora, on Vespertine
