Every since having Irreal suffer a malware exploit, I’ve been on the lookout for articles that will help me avoid another successful attack. I’ve already posted about several of these and today’s post is another. Since these posts have become a sort of series, I am introducing a new tag, Malware, to label them. As soon as I can get to it, I will revisit the previous posts in the series and add the tag to them as well. That way, anyone else unfortunate enough to suffer a similar attack will have a resource to help them recover and prevent reoccurrences.
Today’s article is from Christian Grobmeier’s blog. Grobmeier recently had his site exploited and shut down by his hosting provider. Like me, he eventually got his site cleaned up and back on-line. His post is about the 5 lessons he learned from the ordeal. One of those lessons—perhaps the most important one—is the same lesson that I learned: keep your blogging software up to date. Related to that is to use static web pages. I got that same advice from some of my wise commenters but have so far resisted it because I love org2blog and the workflow that it enables. Stubborn but foolish, I know.
Another excellent recommendation is to run a script everyday that checks for any changed files. That would certainly have alerted me early on to my exploit.
I’ll let you go over to Grobmeier’s site to see the other suggestions and flesh out the ones I’ve discussed. It’s a good post and worth a read if you have a site that you are maintaining on your own (that is, not something like Blogger where you don’t have to worry about security) even if you haven’t (yet) suffered an exploit. I recommend it.
While I’m not extensively familiar with org2blog, I have been staring at org-jekyll for a little while and thinking seriously about putting it to use.