• =?UTF-8?Q?Ali_=c3=87ehreli?= (11/11) Aug 09 2020 I've just learned that HostGator has suspended ddili.org because the
• ketmar (3/5) Aug 09 2020 change the hoster to the sane one, who won't lock down user sites to
• aberba (2/14) Aug 09 2020 Why not roll your own VPS?
• dweldon (10/22) Aug 09 2020 If you don't have good backups to fall back to, you could try
• rikki cattermole (2/2) Aug 09 2020 Looks like you have gotten lucky. Its archived.
• =?UTF-8?Q?Ali_=c3=87ehreli?= (13/16) Aug 09 2020 Thank you, all.
• Mike Parker (4/6) Aug 09 2020 Get your self a VPS. I've maintained one through Linode for years
• H. S. Teoh (10/19) Aug 09 2020 +1, get yourself a VPS and configure it to do exactly what you want,
• =?UTF-8?Q?Ali_=c3=87ehreli?= (7/11) Aug 10 2020 Digitalmars-d wrote:
• Vladimir Panteleev (27/30) Aug 10 2020 Some computer worms search the web for outdated vulnerable
• =?UTF-8?Q?Ali_=c3=87ehreli?= (7/9) Aug 10 2020 In this case it turned out to be a false positive and ddili.org is up.
• Vladimir Panteleev (5/8) Aug 10 2020 Not at this time, but I think Walter/Jan wouldn't be against

=?UTF-8?Q?Ali_=c3=87ehreli?= <acehreli yahoo.com> writes:

I've just learned that HostGator has suspended ddili.org because the 
forum software I use has been compromised.

ddili.org hosts the book "Programming in D" and there are many links to 
it from dlang.org.

HostGator sent me the following document about the cleanup which I 
haven't read yet:

   https://www.hostgator.com/help/article/how-can-i-prevent-compromise

Sorry for the down time and if you think you know how to save ddili.org 
please say so here.

Thank you,
Ali

ketmar <ketmar ketmar.no-ip.org> writes:

Ali Çehreli wrote:

 Sorry for the down time and if you think you know how to save ddili.org 
 please say so here.

change the hoster to the sane one, who won't lock down user sites to 
promote affiliated "special offers", i guess.

aberba <karabutaworld gmail.com> writes:

On Sunday, 9 August 2020 at 16:25:38 UTC, Ali Çehreli wrote:
 I've just learned that HostGator has suspended ddili.org 
 because the forum software I use has been compromised.

 ddili.org hosts the book "Programming in D" and there are many 
 links to it from dlang.org.

 HostGator sent me the following document about the cleanup 
 which I haven't read yet:

   
 https://www.hostgator.com/help/article/how-can-i-prevent-compromise

 Sorry for the down time and if you think you know how to save 
 ddili.org please say so here.

 Thank you,
 Ali

Why not roll your own VPS?

dweldon <danny.weldon gmail.com> writes:

On Sunday, 9 August 2020 at 16:25:38 UTC, Ali Çehreli wrote:
 I've just learned that HostGator has suspended ddili.org 
 because the forum software I use has been compromised.

 ddili.org hosts the book "Programming in D" and there are many 
 links to it from dlang.org.

 HostGator sent me the following document about the cleanup 
 which I haven't read yet:

   
 https://www.hostgator.com/help/article/how-can-i-prevent-compromise

 Sorry for the down time and if you think you know how to save 
 ddili.org please say so here.

 Thank you,
 Ali

If you don't have good backups to fall back to, you could try 
backing up your database and site, then re-install the same 
version of the site and any plugins on a clean web root and 
database.  Then restore the database over the top of that and 
copy any uploads over as well, making sure that they're safe 
first.  Check the users table for any new admin accounts and 
delete them and reset the administrator password to a strong 
password.  Then once you're sure it's okay, upgrade to the latest 
version.

rikki cattermole <rikki cattermole.co.nz> writes:

Looks like you have gotten lucky. Its archived.

https://web.archive.org/web/20200118000235/http://ddili.org/

=?UTF-8?Q?Ali_=c3=87ehreli?= <acehreli yahoo.com> writes:

On 8/9/20 6:51 PM, rikki cattermole wrote:
 Looks like you have gotten lucky. Its archived.
 
 https://web.archive.org/web/20200118000235/http://ddili.org/

Thank you, all.

Luckily, there is no issue with archiving and the content is generated 
by 'make' and stored on Github anyway. I am trying to convince HostGator 
that *I know* there is no malware. >:)

OFF-TOPIC: Here are two interesting articles on HostGator and their 
partner in crime SiteLock:

 
https://websitesforgood.com/beware-of-malware-scams-sitelock-hostgator-and-an-angry-web-girl/

 
https://www.hermesthemes.com/scam-alert-how-hostgator-attempted-to-extort-200-out-of-me-for-sitelock/

I name this "institutionalized ransom." Oh well... The world these days...

Ali

Mike Parker <aldacron gmail.com> writes:

On Monday, 10 August 2020 at 03:40:33 UTC, Ali Çehreli wrote:

 I name this "institutionalized ransom." Oh well... The world 
 these days...

Get your self a VPS. I've maintained one through Linode for years 
and their customer support has been phenomenal when I've needed 
it. There are other good options, like DigitalOcean.

"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:

On Mon, Aug 10, 2020 at 04:42:47AM +0000, Mike Parker via Digitalmars-d wrote:
 On Monday, 10 August 2020 at 03:40:33 UTC, Ali Çehreli wrote:
 
 I name this "institutionalized ransom." Oh well... The world these
 days...
 

 
 Get your self a VPS. I've maintained one through Linode for years and
 their customer support has been phenomenal when I've needed it. There
 are other good options, like DigitalOcean.

+1, get yourself a VPS and configure it to do exactly what you want,
nothing more, nothing less.  I've been using JohnCompanies.com -- they
give discounts for people who contribute to open source projects, and
customer support is from experienced Unix admins (no lower-level
1st-tier responders, you get the pros from the get-go). Been pretty
satisfied with them for my VPS needs.


T

-- 
May you live all the days of your life. -- Jonathan Swift

=?UTF-8?Q?Ali_=c3=87ehreli?= <acehreli yahoo.com> writes:

On 8/9/20 4:23 PM, aberba wrote:

 Why not roll your own VPS?

On 8/9/20 10:08 PM, H. S. Teoh wrote:
 On Mon, Aug 10, 2020 at 04:42:47AM +0000, Mike Parker via 

Digitalmars-d wrote:

 Get your self a VPS.


 +1, get yourself a VPS

Makes sense because I've been using (rather, trying to use) my virtual 
host as a VPS anyway. It has always been difficult to figure out where 
proper configuration files were in that restricted environment.

Ali

Vladimir Panteleev <thecybershadow.lists gmail.com> writes:

On Monday, 10 August 2020 at 03:40:33 UTC, Ali Çehreli wrote:
 Luckily, there is no issue with archiving and the content is 
 generated by 'make' and stored on Github anyway. I am trying to 
 convince HostGator that *I know* there is no malware. >:)

Some computer worms search the web for outdated vulnerable 
software, such as forums, and spread by infecting the scripts. 
Then the machine can be used by cybercriminals for nefarious 
activities, such as sending out spam.

Some particularly insidious worms succeed well in hiding 
themselves, e.g. using "rootkits", so they may be difficult to 
detect.

If you would like to keep your current host, I suggest the 
following:

1. Make a complete backup of all your account data (files, 
database...)

2. Completely wipe all your account data

3. Rebuild everything from scratch:

- Rebuild from source and re-upload static content (such as the 
HTML render of your book)

- Reinstall any dynamic software such as the forum, using the 
current latest version

- Carefully restore applicable parts of the database (most worms 
hide in files, but there exist vulnerability classes, such as PHP 
code injection, which would allow them to hide in the database).

4. Present proof that you have done this to your host. This 
should be sufficient for them to restore the account.

It might help to know (and to disclose to your host) the nature 
of the malware itself. If you like, I could have a look (I've had 
to deal with such incursions before), please get in touch.

- Vladimir

=?UTF-8?Q?Ali_=c3=87ehreli?= <acehreli yahoo.com> writes:

On 8/10/20 4:31 AM, Vladimir Panteleev wrote:

 4. Present proof that you have done this to your host. This should be
 sufficient for them to restore the account.

In this case it turned out to be a false positive and ddili.org is up.

But as you say, the forum software that I had picked years ago 
especially for its simplicity is a by vulnerability at this time.

I ask here in case the answer is useful to others as well: Can DLang 
forum software be used as a proper forum (not backed by a newsgroup)?

Ali

Vladimir Panteleev <thecybershadow.lists gmail.com> writes:

On Monday, 10 August 2020 at 17:01:10 UTC, Ali Çehreli wrote:
 I ask here in case the answer is useful to others as well: Can 
 DLang forum software be used as a proper forum (not backed by a 
 newsgroup)?

Not at this time, but I think Walter/Jan wouldn't be against 
adding a newsgroup for discussing the book to the digitalmars 
NNTP server. It can be hidden from the forum's front page if 
desired (links from ddili.org would still go to it).