Subject: Hackers... where to begin?

Tahsin Shamma
I just had 6 web sites taken down by hackers in one fell swoop. I managed to find backups of the sites, but the whole event has me rethinking running the web sites in the first place.

It's a lot of work to maintain web sites and keep on top of all the necessary software updates.

One site was generating $200/month in ad revenue. Is it worth it to get the sites back online and deal with the same headaches down the road?
Jim Cote
Figure out what they exploited and fix it.
Matt Brown
Safe to assume they were on private servers?
Tanner Griffin
matthean wrote:
Safe to assume they were on private servers?


Don't listen to him. With an avatar like that, it'll cost you an extra credit for each piece of ICE you rez on your remote private servers.
Tahsin Shamma
ekted wrote:
Figure out what they exploited and fix it.


They exploited known vulnerabilities in the open source content management system I was using.

The question was more towards... is $200 / month worth my headaches down the road considering it will take at least 40-80 hours (outside of work time) to fix it.
Andrew Brannan
A few choices:

1: stop using WordPress, it's too popular and too buggy to think you can set and forget it.

2: commit yourself to staying on top of updates for it, though this will hold true for any piece of software you choose.

3: hire someone to stay on top of it for you. Yes, it's less profit, but also less headache.
Matt Brown
I don't consider WP a true CMS. It could have been Drupal.
Kevin Salch
Assuming you earn $50.00 an hour and it takes 80 hours, that is $4,000.
$4,000 / 200 per month = 20 months payback 1.7 years
So as a one shot it would be worth it.

Granted you would have to factor in additional maintenance time say 0.5 hour a month so without getting into calculus of it all say another 0.3 years so 2 year payback.

Most businesses would invest for that kind of return.


You should of course adjust the numbers to better reflect the situation.


skippen
veector wrote:
ekted wrote:
Figure out what they exploited and fix it.


They exploited known vulnerabilities in the open source content management system I was using.

The question was more towards... is $200 / month worth my headaches down the road considering it will take at least 40-80 hours (outside of work time) to fix it.


Unfortunately, that is a question only you can answer. And it is sounding like it is not to you.
Michael Carter
What kind of site? Squarespace is pretty cheap. Let the pros take care of your hosting unless this is your profession.
Adrian Hague
veector wrote:
They exploited known vulnerabilities in the open source content management system I was using


There's your problem right there. Try to use software that has unknown (or at least little-known) vulnerabilities.
Tahsin Shamma
Well... closed source is more expensive.

For everyone's information, it was an outdated version of Joomla.

I still like and believe in the CMS, but you do get what you put into it.