Well to start with, I wanted to PHP-ize everything. SO I started looking at the Apache/PHP config and as usual, without backups or testing or anything, I dived in and threw the big red switch. Everything seemed to go ok but then the trouble started!
All my websites broke. any ‘.html’ web pages that had embedded php in them broke really badly, whole directories of files became ‘not found’ and it kept asking me what I wanted to do with files of type httpd-php5 and so on….
ANyway, lots of hacking later and it seems to be working. I had to force all the ‘.html’ files to become ‘.php’ files, but a little bit of .htaccess rewriting allows for previous search engine results to continue to work. had to upgrade wordpress and do a lot of tweaking for the file ownerships and permissions to even allow people to see them.
and then I noticed I had a visitor. Not just any visitor – he had guessed the ‘admin’ password (and I thought it was SOOOO clever) and had made himself root and installed some shitty little spam engine. Got rid of that and locked down sshd access to impose limits on number of failed logins per IP but he got back in and this time installed a Mech Chat server.
He”l probably get back in – linux security isn’t my best skill – but at least he didnt trash anything and it forced me to tidy up a bit.
Sees like he was one of our dear Romanian friends, but that might just have been ip cloaking…
Next phase is to make the scam emails look a bit nicer. I am trying out mhonarc – more flexible than hypermail and much better de-miming than my sad pathetic efforts. Check back to see how I’m doing.