I’d love to tell you that I was inspired to change the look of the website all on my own, but the truth is that my site was hacked! Some friendless virgin found a way to insert some malicious code into all of my blog’s files and directories. Luckily I keep good company and Kerry Taylor (author of SquawkFox) and her favourite German, Carl (and now MY favourite German, too!) were instrumental in keeping me from having a coronary.
Everything Deleted
In the end, I decided the best course of action was to completely erase EVERYTHING. I exported my blog’s journal to an XML file and then deleted all the files and the database. Gulp!
Actually, before I did that I bought a new domain and built a new blog from scratch on it and imported the content to see if it would come out clean. It did. Incidentally, the domain I bought was “BondsAreForLosers.com”, mostly because it was funny and I have been thinking that one day I will split the current blog into two parts, one for more technical posts and one for more mainstream posts. If/when that happens, BondsAreForLosers.com will be where the technical stuff will show up and I’ll keep WhereDoesAllMyMoneyGo.com for the more mainstream stuff.
Slowly Recovering
But, in the meantime, everything is almost back to normal. I’m slowly rebuilding the blog and tweaking it as I go, but man, what a project! This happened last Wednesday and since then I’ve been working non-stop researching how to fix it. I’m not a computer guy, so it took me a long time to figure everything out. I’ve probably averaged four hours of sleep per night since it began and I’m tired as hell.
So What Do You Think???
I decided that the blog had become a bit “busy” looking so one of my goals with the redesign was to make it cleaner looking and I also tried to find a relatively “light” theme with fewer scripts and whatnot that can slow down the page loading times. I’m actually quite happy with how things are coming together. But I would love your feedback. Ultimately this blog is for YOU, so if you have any requests for design or functionality, please let me know in the comments section and I will consider them.
Take a look at the homepage HERE.
Thanks for your continued readership!
Preet
Mark Wolfinger
Looks good to me.
So sorry for all your troubles.
Best of luck
Howie
I don’t know why anyone would want to do something like that. Thanks for putting in the effort so that your fans can continue reading Preet. To many more posts!
Patricia
I’m sure it was a nightmare for you. I like the new look, much cleaner. Thanks for all your hard work in rebuilding the site. Hopefully you can get some extra rest after all your efforts.
Adam
I disagree – the site looks overloaded with ads. The Google AdWords at the top take up over half the screen real estate on the first page. Sorry… makes the site look cheap and begging for AdWords revenue.
Preet
@Adam – sorry that you feel that way. If you like, I can set up an ad-free version of the site – but there would be a monthly subscription charge. Let me know if you are interested…
Jason
Hey Preet… Sorry to hear what happened. The site looks a lot cleaner and easier to navigate. Hope everything’s back to normal!
Mr. Cheap
Sorry for your trouble! I got a scammy ad when I last loaded your site and thought “why would Preet let these people advertise”, I guess that’s the answer (you didn’t).
I like the new look better. Definitely less cluttered.
Susan
I really like the look of the new site. The newer stuff I want to hit is right there, then if I have the time, I can scroll down for more info. Very cool!
Now go have a nap – most illustrious people do!
Seriously, thanks for all your hard work. Much appreciated.
Michael James
Wow! That whole process sounds like a giant pain. I sometimes feel like I’m missing out by hanging out at blogspot, but this isn’t one of those times. I’ll be interested to see what happens at “bonds are for losers”. I don’t have any bonds myself, but I think I’m pretty conservative in the all-equities crowd.
Preet
@Michael James – it was a nightmare (for me). In the end, knowing what I know now, it wasn’t a big hassle to actually fix it, but learning how to figure it out took most of the time. BondsAreForLosers.com should be 6 months away, and I also bought StocksAreForLosers.com and they will point to the same place because I’m indifferent to stocks versus bonds. It’s meant to be catchy more than anything… :)
Canadian Capitalist
Looks very nice Preet. If I may ask, how did the site get hacked? Any precautions you wish you had taken and isn’t too late to take for the rest of us?
Preet
@CC – it looks like it was widespread on many WordPress sites hosted with GoDaddy. They still haven’t figured out exactly how it was done, but they are narrowing it down it seems.
What I would do differently:
Double check permission settings on all files (755 on directories and 644 on files) as the most relaxed. Anything with tighter permissions, leave them as is.
I installed a plugin, “login lock”, which will deny any login attempts after a few tries for anyone trying to randomly guess username and password combinations.
I’m going to start regularly exporting my XML file and backing up the database. There is a plugin that emails you a copy of your database weekly if you like.
Go crazy on the wp-config file with setting secret keys, and beef up the database password, and all passwords really.
Check that no user registrations are allowed (dashboard – settings – general) – untick the “anyone can register” box.
Update to the latest version of WordPress immediately, and always when available.
Carl – my tech support angel from Squawkfox – thinks it was the permissions that were the vulnerability. The following link has more info: http://www.wpsecuritylock.com/cechriecom-com-script-wordpress-hacked-on-godaddy-case-study/
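An added example, not part of the original comment and not written by anyone in this thread: a shell sketch of the permission check described above, treating 755 (directories) and 644 (files) as ceilings and leaving tighter modes alone. It assumes GNU find (for `-perm /mode`); the function names and the path you pass in are hypothetical.

```shell
# Added example: audit a WordPress tree against the 755/644 ceilings.
# Assumes GNU find; function names are illustrative, not from any tool.

# Print every entry that is looser than the ceiling:
#   files with any bit outside 644 (any execute bit, group/other write)
#   directories with any bit outside 755 (group/other write)
audit_perms() {
    find "$1" -type f -perm /0133 -print
    find "$1" -type d -perm /0022 -print
}

# Clear only the excess bits instead of forcing 644/755 everywhere,
# so a file already at 600 (e.g. wp-config.php) stays at 600.
tighten_perms() {
    find "$1" -type f -perm /0133 -exec chmod a-x,go-w {} +
    find "$1" -type d -perm /0022 -exec chmod go-w {} +
}

# Typical use (path is a placeholder for your own install):
#   audit_perms /path/to/wordpress      # review the list first
#   tighten_perms /path/to/wordpress    # then remove the extra bits
```

Running the audit on a schedule and comparing its output over time also shows when something has loosened permissions after the fact.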
Thicken My Wallet
Looks good! Too bad to hear how it happened though.
Canadian Capitalist
@Preet: Thanks for sharing. I already do many of these (such as regular backups, permissions etc.) but some are new to me (such as login lock). I agree — you can’t be too careful with security.
Tom @ Canadian Finance Blog
Sorry to hear about your ordeal Preet, sounds like you’re a security expert now though! I use Login LockDown and WP-DB Manager. You might want to have a look at WP Security Scan too!
All things happen for a reason… the site looks great!
Returns Reaper
Preet,
Just a suggestion on the new look website (I don’t remember if the old site had this or not). But I would find it useful if at the top and/or bottom there were links to the next newer post and next older post. This would make it easy to whip through a few whenever I get behind.
But overall, I like the new look. Glad to see everything’s back up and running.
Squawkfox
HUGS! I’m so happy your site is back from the brink. Thank you so much for your kind comments. Blush. Carl and I are always happy to help rid the web of malicious code. Your new site look is stunning. Very clean and fresh. Love it!
Carl
Always happy to help out — I just wish that there was a way of tracking down the hackers. Your new site looks great!
Preet
Okay, I figured it out. Let me know if that works for you (there are links for the previous and next posts located right after the “related posts” section). I'm going to play with putting that under the post title as well…