…And Other Comments on Spammers and Hackers
When I started this website over two years ago, I envisioned a comfortable family-type website that could help our far-flung family keep in touch. I wasn’t a newbie at running websites as I had operated a “commercial” website for the five years prior to my divorce (commercial in the sense that I had hopes of making money off it, not that I actually did make money).
I was well aware of the threats from hackers, and the annoyance of getting hundreds of daily spam e-mails offering everything from increased site traffic to earning thousands, even millions, of dollars overnight using whatever money-making system the particular spammer was pushing. It was about three years between the times I shut down my flagship “RCM TravelSite” to the time I started “The Charest Family on the Web.” I have been shocked at how the Internet community has changed over those years.
My earlier website was largely a homegrown effort that ultimately used a hodgepodge of commercial, free, open source and in-house (I wrote it) software. Nothing worked seamlessly and for the last year I operated it I was spending all my time keeping it together. When I decided to start up this site, having a software package with the features I needed, that actually worked together, was important.
Working With Content Management Systems
For the first year I used a light-weight package called “Cute Copy.” It was easy to setup, and seemed to have all the features I wanted. But after a year of use its limitations really showed, so I looked around for something to replace it.
I settled on PHP Nuke as my platform for a variety of reasons, not the least being that it was a pre-loaded package offered by my web-hosting company. My commercial website had used an earlier version for news posting, so I had some working knowledge of it. I also knew there was a LOT of third-party modules available that offered all the functionality I wanted.
So I set it up, experimented with site designs, and launched this noble experiment in high-tech family communications. Over the next several months I located and installed add-ons including the Photo Gallery and Genealogy sections, and customized other modules to my personal preferences.
From the start, I wanted to build an on-line community. I already knew the key to building a community was making it easy to communicate (I know, sounds simple). So I setup this site to make it easy for visitors to make comments and add content. Among other settings, I allowed any visitor to post comments even though I restricted news posts to registered members.
Adventures in Being Hacked
For the first several weeks, all was well. Then I started paying attention to the comments showing up on my world-shattering news posts. I was horrified. Spammers had discovered this humble website and were using the comments section to post links to all types of trash. I found ads for male performance drugs, male enhancement drugs, FDA non-approved diet drugs, in-line casinos, porn sites and God knows what else. I was pissed.
So I restricted the comments to only registered members, thinking that having to first register might slow down spammers. It did, for a few days.
Then I was hacked. Some group who I believe call themselves the “Young Turks” hacked in and defaced my website, over-wrote several recent news posts and changed some of the database-driven formatting. It took me the better part of a day of free time to undo the damage. Then I spent almost a week’s worth of free time researching and installing PHP Nuke security patches.
I was still being plagued with spammers in the comments section, and now I was also dealing with spamm user’s accounts. I couldn’t find a patch or figure out how to screen the comments, so finally I just blocked comments – or so I though.
While searching for security upgrades, I located several useful third-party add-ons including a guestbook module. I had operated a guestbook on RCM TravelSite and enjoyed seeing the comments. I knew there was a chance of a guestbook being abused by spammers, but on RCM TravelSite I’d had one spam message for at least every 10 valid ones. So I tried a guestbook again here.
The guestbook had a screening function, so I thought it would be manageable. I was quickly shocked at just how wrong I was. Within days, I was receiving several daily spam messages. After several weeks I was receiving up to twelve messages daily. When I started getting porn photos posted, I had enough. I locked out the guestbook until such time as I could come up with a more effective screening.
By this time I had activated the weblinks module. Again, within days of activating this module I started getting links submissions for websites including porn, on-line drug sellers, casinos, and insurance companies. I’ve been able to filter the trash out, but it’s one more irritant I’m dealing with.
Meanwhile, I was getting several dozen daily spam e-mails on the webmaster e-mail account I had to delete.
Last Friday I made my daily website check and discovered I had been hacked again, with my website again defaced. The same group as previous appears to be the latest culprit. It seems my security upgrades had done some good, as they didn’t do as much damage as before. Or maybe they just didn’t bother, I really don’t know. But it took a day’s worth of free time to undo the damage.
While undoing this latest hack I discovered spammers had gotten into the comments section I thought were deactivated. I found dozens of spam posts on archived news stories. So I spent more time deleting the trash, deleting the spam users who had taken the time to create user accounts just to post their spam, and re-locking the comments section.
So this is where my noble experiment in family-forum communications has come to:
- No comments allowed.
- I have no active Guestbook.
- No one allowed posting news stories except the administrator.
- I’m not allowing commenting on the photos except administrator
- I pretty much ignore all webmaster e-mails. There’s so much spam, I’d probably miss seeing any real e-mail
- I don’t dare activate the Bulletin Board Forums, to avoid one more source of spammers
- No one can submit genealogy info other than through an e-mail, which I probably wouldn’t notice due to all the spam
I’m resigned to being hacked on a regular basis, and can only hope the SOBs don’t spend too much time mucking around when they do hack me.
A Final Rant
So you’all need to excuse me for feeling irritated by spammers and hackers now. I’d call these people slime, except actual slime mold can’t help being what it is, and these people could. Calling them slime would be libelous to the mold-type slime.
As far as hackers go, I need to tell these cretins to go get a life. Hacking the CIA’s website might give them bragging rights. Perhaps hacking into the Bank of America’s website might gain them lots of lucrative account numbers? Hacking into a family website operating on free software with a nominal dozen daily hits gains them…?
For the legitimate visitors to this humble website who’d like to actually participate in a conversation, I’m sorry. I don’t have the programming skills, or the time to learn, to build a spam-proof hack-proof website. Until spammers and hackers all crawl back under the rocks they came from, I’m going to have to keep tight security restrictions. If you really want to contribute something worthwhile, you may contact me using private messaging (that you can access that by creating a user account) and let me know.
I’ll be happy to create a user account that allows someone else to post worthwhile news stories or other content.
Updated: May 2, 2020 – Converted to Gutenberg Blocks format, edited the story to support Yoast Search Engine Optimization.