WARNING: This post is long and semi-technical! If you don't know about the world of webmastery or don't want to know, you may not want to continue reading. However, if you want to learn, or know about this stuff, read on, MacDuff!
Back in 2004, I was looking for a new way to present all of the content on my site. It had been six years since I started blogging, though only three or four of those years did I actually use an official blogging tool. Up until 2004, I had been using GreyMatter which was an amazingly versatile flat-file system that I liked quite a bit. However, after several years of using it, it began to slow down. It was painfully noticeable that the entire site was slow to load thanks to all of the HTML posts being served on my site. So, I began to look for an alternative.
At first, I thought a wiki would be a good way to go. Instead of doing something like a blog, I'd have a something that would be a bit more like a reference, as opposed to something like the front page of a newspaper. But then, while Googling the term "wiki" I came across the wiki at WordPress.org. I quickly realized that their wiki was only for their documentation and not something they offered, but I was intrigued by what they did offer--WordPress a blogging tool so easy it takes just 5 minutes to install. So I explored the site.
It turns out that loads of folks used WP and there was a robust community of developers and users who help one another on the forums. I thought this would be perfect, so I switched.
Of course, WP runs on MySQL, a free database system that my host does offer. I found WP to be easy to use and once I worked out how temperamental MySQL (pronounced either My Skyool or My Sequel, depending on who you talk to) was, I had everything up and running in no time (5 minutes, in fact!).
Within a day or two, I suddenly noticed comment spam--a LOT of it. I started looking around for solutions on the forums and while there were plenty of folks who had trouble, like me, there weren't too many solutions that worked for everyone. Still, I tried a few and finally found some that worked. However, with every WP upgrade, I ran into massive spam issues. After one upgrade, I got hit so bad, my web host charged me $120 in bandwidth-overage fees.
I was inches from giving up WP and going back to (cringe) Blogspot. To a control-freak like me, using a blog host is like trusting a daycare center to raise your child to college-age. So, I stuck with WP vowing never to upgrade again. However, newer plugins came along, offering me the ability to crosspost to places like Blogspot, LiveJournal, Twitter and more. These plugins would help me advertise my site and take part in a larger community on the web. So, I caved and upgraded.
This happened again recently with the release of a Pownce plugin. Of course, the Pownce plugin requires PHP5 and my host still had me on PHP4, so I requested an upgrade. They happily complied, free of charge, setting me up on a new server with more space and features, etc. I figured "What better time to upgrade to a new version of WP?"
So, I did. Everything was cool for about a day. Then, everything exploded. My site was and is getting slammed by SOME sort of spam attacks. A few got through to the Akismet antispam plugin but got caught--however one got past Akismet and ended up in my Pownce stream, ironically, thanks to that Pownce plugin. :\
I have installed Bad Behavior, WP-Morph and Akismet, all of which protected my site just fine on my old server, that was still live just days ago. I added WP-Spamfree as suggested by a friend. I also use WP-Cache to allow each page on my site to get stored as a static file so the next person that tries to access it can still see it. Of course, this doesn't help me administer the site since the admin pages don't cache.
So, the only way I have found to stop the site from going down is to rename the wp-config.php file. This is the file that contains the login info for my MySQL database. Essentially, I'm hiding the key for the lock on my db. Of course, doing this brings the site down. After a few minutes I return the wp-config file to it's original name and everything is cool for a good few minutes--then the attacker(s) return and I start the dance all over again.
I've got a ticket open with my web host, but I'm not sure what they'll be able to do.
What is literally happening is this: The MySQL system can only take X amount of accesses before it begins to slow down access-time for every other db on the same server. On my old server this limit was 15 simultaneous accesses. This may not seem like a lot, but it wasn't so bad most of the time.
So, now I'm waiting for tech support to get back to me. The service I get from my web host ranges from the "meh" to the amazing, so I tend to be pretty patient with them. Still, my website represents ten years of my life and it's hard to see it messed with by some greedy assholes with no morals or better things to do with their lives.
In times like this, I wonder if I'd have been better off just sticking with GreyMatter... or even (cringe) Blogspot... O_O
Mobile post sent by thepete using Utterz. Replies.