Disaster Recovery

Blaze on Feb 7th 2007

First of all, I’d like to say thank you to all of you for your patience during this weekend’s problems. Your patience and understanding are greatly appreciated.

While the initial response was happening, I was out trying to hunt down information on who and/or what had hit us, so that we could assess the degree of damage done. In addition to finding that the attack was relatively harmless, I discovered 2 things: 1) there’s only 1 place where this attack is even mentioned, 2) there are a bazillion sites that are infected. We’re all very fortunate that our admins are observant and noticed it as quickly as they did.

With the exception of a couple bits of user-inflicted “panic damage”, we appear to have everything cleaned and back to normal. If you notice any problems, please let one of us know right away.

In response to the events this weekend, I’d like to make a few comments.

  • While Geek Niche does perform backups of all the sites, these are for “catastrophic recovery”. We can’t restore a specific file; it’s the whole site or nothing. This means that any changes made since that backup will be lost forever. In the case of this weekend, we had no way of knowing how long the invading code had been sitting on the server, so using the backups could have deleted a lot of information without solving any of the problems.
  • WordPress is one of the applications that can possibly be vulnerable to the type of attack we encountered. The latest version of WordPress is immune to this attack, and I strongly encourage you to upgrade. If you don’t know how, let me know, and one of our staff will do the upgrade for you. Upgrades to WP 2.1 will be done for free until Feb 16th. After that, there will be a $10 charge.
  • While we can help you recover from a catastrophic failure on your site, there are a few things you can do to protect yourself.
    • If you make changes to files on your site, save a copy to your local computer. Saving a “default” set of files is always a good idea, and having a local copy of any customized files makes it really easy to recover from a minor problem.
    • If you’re using WordPress, you can back up all of your data using the “WordPress Database Backup” plugin. This plugin allows you to create a copy of all of your data and either save it to a file on the server (fast, but the least safe), e-mail it to any e-mail address, or save it directly to your computer. You have to go in and manually tell it to create a backup each time, so remember to do so regularly. If you need help either installing this plugin or restoring data after a problem, let us know. We can provide either service for a $10/instance fee.
    • WordPress also has an export/import feature. This is good for saving only the data (posts, comments, etc.), and is easy to use, but is less able to handle a catastrophic failure.
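
A saved local copy also answers the question the whole-site backups could not: which files on the server have changed. The script below is an added example (not Geek Niche's own tooling) that compares a saved copy against a fresh download of the site by SHA-256; the directory names and sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(known_good, current):
    """Return files added, missing, or modified in `current` relative to `known_good`."""
    base, live = manifest(known_good), manifest(current)
    return {
        "added": sorted(set(live) - set(base)),
        "missing": sorted(set(base) - set(live)),
        "modified": sorted(f for f in base.keys() & live.keys() if base[f] != live[f]),
    }

def demo():
    """Build a constructed saved copy and a constructed 'live' copy, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "known_good"), Path(tmp, "live")
        for root in (good, live):
            (root / "theme").mkdir(parents=True)
            (root / "index.php").write_text("<?php // front page ?>\n")
            (root / "theme" / "footer.php").write_text("<?php // footer ?>\n")
            (root / "theme" / "style.css").write_text("body { margin: 0; }\n")
        # Constructed differences standing in for unexpected changes on the server.
        (live / "theme" / "footer.php").write_text("<?php // footer ?>\n<!-- unexpected line -->\n")
        (live / "theme" / "extra.php").write_text("<?php // file not in the saved copy ?>\n")
        (live / "theme" / "style.css").unlink()
        return compare(good, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Files you customized on purpose will show up as modified unless the saved copy is refreshed after each intentional change.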
