Nearly 3 months ago I made mention of a fallout between myself and the theatre group with which I’ve been associated with for about 9 years. Part of this was my decision to no longer look after their website – something I’d put a lot of work into but had very little feedback or general help with.
I gave the committee a list of the skills required to run the site and, to my surprise, it was handed over to a new committee member within days. I don’t know her background but events have now unfolded which has possibly damaged the site forever.
Last week it was reported to the sites host, Memset, that a phishing site was present on the BMTG site. It was residing in one of the sub-directories of a third-party application. I believe this application must have had a security flaw which allowed someone to deposit a fake banking site in place. Memset immediately disabled the hosting account and the website went down. The new website manager was informed and, unfortunately, responded by suggesting that it was maybe something I did.
I took a sharp intake of breath, I have to admit, when I read this. This site is also hosted by Memset and so the suggestion (probably not intended) that I created a phishing site could have had a serious repercussion on me. Thankfully it hasn’t. But I don’t think she understood what the problem was.
The upside of all of this is that Memset have now informed them that they will NOT re-enable the account unless they move to an expensive server host account (at the moment it’s on a shared server, and they’re concerned that future issues could impact other users). Bear in mind that the society is a non-profit making charity and their current hosting is provided for free – basically, they wouldn’t be able to afford such a move.
I’m guessing that the current website manager not understanding the issue is why Memset are rightly worried about future occurrences. Oh dear. If asked, I could do what I can to resolve the issue, but I suspect I won’t be.
Long-standing members appear to be leaving the Society in their droves and one such ex-member (who’s been involved far longer than myself) believes that this may be the death-knell. No website, performing on a stage in a school-hall, no publicity, poorly produced and expensive show programmes… it’s not looking good. The ex-Chairman has recently been caught wondering aloud why so many people are leaving. Maybe they should ask?
2 replies on “Where did the BMTG site go?”
Firstly let me introduce myself as a systems administrator at Memset. The main reason we want people to move to a miniserver, rather than enabling a site where phishing code has been discovered, is that the miniserver will give the customer a completely isolated, fully controllable environment for their web site. This just is not possible with shared hosting. In addition to having a separate miniserver, we can also also provide fully managed support which would take care of most system administration requirements that the customer may have.
We patch and update the shared web servers so that Apache, PHP, MySQL and all the other individual components are secure and kept up to date as much as possible to ensure vulnerabilities are kept to an absolute minimum. Obviously it is the customer’s responsibility on shared web hosting to ensure that their application is fully secured as well.
We must take action on web sites where phishing code is discovered for the security of our network and we have a responsibility to both our customers and our upstream network providers to resolve these issues as quickly as possible.
After the above comment from Martyn, I had a discussion with him about possible ways for the society to recover their site hosting from this.
Rather than wait for them to ask me for help, I approached them and am now in the process of assisting. Hopefully, fingers crossed, the site will return.
Nobody can say I’m uncaring 😉