Still getting back to normal

I have been playing with the new site and DNS and all of that for a good portion of the day. Still working on the databases from the previous host to get some of (hopefully all of) the old posts to live here. Might choose a different theme and all that for a fresh start and a bit of something new. Some of the plugins used before might be left out and things will be watched much more closely for issues.

What happened?

I’m not exactly sure of all of the details. There was an email about a malware issue in some of the code on the old site. This email landed overnight Thursday into Friday and was the “Final Warning”. Considering it was the only warning, that is a bit extreme. The warning said my domain had been blacklisted by Spamhaus for malware. It also said that the hoster requires a professional cleaning using a recommended partner. When I contacted the partner about the cleaning, the cost was $300 for a one-time cleaning or I could subscribe to a service for a deal of $144/mo which was a discount since the hoster was a partner… wow… such a deal.

I also contacted support at the hoster in response to the email received. I asked if there might be a way to at least make an attempt to fix the issue. I even went so far as to suggest downloading all the files and content and starting a brand-new, fully patched instance of WordPress, following a deletion of the downloaded content. If the “infected content” is deleted and the servers are kept patched, a new instance starting over should certainly be a clean slate and not have any of the previous problems. Much like formatting a computer when it is faster to rebuild than to clean up a mess… if notepad.exe is infected and the disk is wiped and reloaded with Windows, then the new notepad.exe is good as new (assuming the starting image is clean).

It feels a bit extortionist to have my hoster lock me out of the cPanel and insist that I spend more money on a “professional cleaning” of my data. Working with me to clean up the problem and start fresh would have been a smarter, more customer-service-focused answer. Is my website worth the amount of money the cleanup would cost? Yes. To me it is, but there is a much cheaper, simpler fix… and for me, since my former hoster decided not to assist… it's off to Azure we go.

What I know as of this evening…

I realize there was an exploit released this week that actually did target WordPress and that is likely what got me placed on the blacklist because of its actions. I also realize a paid security company could fix / scan the files and likely fix the issue. What I still do not understand is why the hoster chose to recommend and require a partner service which is extremely expensive rather than working with their customer to refresh the plugins and / or remove them so we can determine what might be going on. I am still landing on “if the install is brand new,” completely patched and possibly plug-in free, there should be no reason the malware re-infects. If the hoster cannot or will not help their customers to clean up the problem, what good is the hoster? Sure, you should put up a message about the problem and reach out to the customer who owns the website, but completely locking them out and preventing any fixes isn’t a good move either. I am not glad that a piece of malware hit my blog or that it landed me on a blacklist, but I also likely have overly high expectations of my hosting company. Since I haven’t seen much in that regard, a host change is all but guaranteed. I am still working on the data from the old site, which I hope will happen soon… a few things to work out and then we bring the previous posts back.