
What got us into this mess?
Our site was hacked. We’re not sure how, but there’s a good chance that it was through insecure coding in our UPDS system, which was used to track the membership of the group. That system was built over 10 years ago and has not been updated since. It’s likely that hackers were able to identify the poor coding and exploit it to gain access to the site.
Subsequently, they filled the site with thousands of back-door files which would assist in hacking the site again, and millions of spam messages were sent out from our domain name, @starbase118.net.
Did we fix it?
Yes, we fixed the problem. We hired a security expert to review the site and remove all of the malicious files. However, due to the hacking, our web host kicked us off the server, leaving us homeless.
Finding a new web host is tricky. We’re a website that uses a lot of server resources. Most other websites are comprised of one or two components at the most — maybe a WordPress site, and possibly a lightweight forum system. But we have a website, a very sophisticated forum, and a rather humongous wiki. And to compound the problem, our site is still being hammered every day by spammers and hackers looking for new flaws. In short, we’re online, but just barely.
Seems dire. Now what?
We’re putting in place a plan to secure our resources and put them in the hands of professionals. Here’s how it works:
First, we have enrolled with a service called CodeGuard which does a daily backup of our site and allows us to roll back any changes easily. This will ensure that we never again end up in a situation where our site is infected with thousands of malicious files and we have to hire someone to fix that.
Second, because our new host is not as generous with the server resources as our last host was, our site is running slower than normal. That’s a serious problem. A slow site makes people not want to use it, which means traffic goes down among our members. And prospective members won’t wait around for a slow website to load, so they’ll go elsewhere. That means that we’re losing already scarce new recruits.
To that end, we’re going to move the main site to a specialized WordPress hosting site that’s the premier, top-of-the-line place to host a WordPress installation. It’s called WPEngine, and they’ll make sure that our site is blazing fast, totally secure, and if it does get hacked, they’ll fix it for free.
Third, and finally, if we fulfill our fundraising goal we will also move the forums on to the hosted Invision Power Board service. The forums will run faster, they’ll be more stable, and we can guarantee that — even if we have to move hosts — the forums will remain up and running at all times.
Sounds complicated!
Only on our end. On your end, everything will still operate exactly as it did before — same website addresses and everything — except it will be faster and more reliable.
So… expensive?
Yes. This kind of set-up doesn’t come cheap. But our only other option is to set up a type of web hosting called “VPS” (Virtual Private Server) and then pay someone to help administer it, since no one among the staff has that expertise and we don’t want to put the burden of running the site full time on volunteers. While we could probably pull that off on the same budget we have planned, it’s better to put our resources in the hands of professionals who will ensure that we never have these problems again.
Here are the basic costs of our website on a normal basis:
* Domains: $105 per year
* Forums: $50 per year
* Shoutbox: $20 per year
* Hosting: $120 per year
* GravityForms: $39 per year (just added — will help cut down on spam trafficking through our application form)
* CodeGuard: $60 per year (just added — daily backup and restore of the website)
* TOTAL: $393
Now we need to add these two expenses:
* Invision: $190 per year ($240.00 for yearly hosting minus $50 licensing fee we’re currently paying, listed above)
* WPEngine: $290 per year
So the total of our normal expenses plus the new hosting equals $873.
We know, it sounds like a lot. But it’s a small price to pay for the peace of mind that our community resources, which we’ve worked so hard to build and maintain, will remain available, stable, and will work correctly every time we need them.