In the beginning, it was all DDoS attacks that would crash the website immediately and keep it down for about an hour. They landed regularly, on our publication date — we came out on Wednesdays back then — and whenever we broke a big story on the site.
This was before I learned to operate my own server, before I knew about remote caching, before I began to build the Triad City Beat digital security web, which, by nature, will forever be a work in progress.
And I believed I knew where these attacks were coming from. The suspect was a disgruntled blogger with a history of online chicanery who actually created a TCB haters group on Facebook, where he posted a link to the website “stress test” I believe he used. And I only know this because he didn’t make the group private until after I’d already seen it.
A DDoS — which stands for “distributed denial of service” — happens when too may entities request resources from a website all at once. We still get the occasional DDoS, though it takes a massive one to crash us these days and I can quash it immediately using my phone.
Website security is an arms race, with the advantage always belonging to the aggressor who must constantly find new ways to sow chaos, as opposed to the vigilant publisher who must always be on the defense.
Thusly I’ve been keeping these bitches at bay for years, until a new hack squirmed its way into our site repeatedly for the last couple months, always on Thursday, which is the day our paper comes out. because most of the content drops, the busiest day each week on our website.
This one was redirect malware, which sent every user at triad-city-beat.com to a spam site that promised a sweepstakes win or some such bullshit. The code was insidious, exempting page admins from the redirect so they did not see it happening, masquerading as a plugin but hidden from the WordPress interface, creating php tables that had to be tracked down and scrubbed. We needed new user passwords and a new layer of security that basically fries any piece of code sent to our website unless it comes from me personally.
Scorched earth, baby.
I know I’ll never fully defeat the hackers and the haters. They are innumerable and relentless, in the manner of rats or termites. But their attention shows me and everyone else at TCB that if we’re publishing things people don’t want others to see, then we’re on the right track.