I’d like to say thanks again to Ryan of Dao by Design for all his hard work in this Sinosplice redesign. Much of the work that went into the new site was “under the hood,” as Ryan worked out ways for me to move my “WordPress + static file hybrid” site into a modern, fully CMS-managed website. Now I can do everything (all sorts of updates) through the WordPress admin panel, which is enormously convenient. Furthermore, Ryan was really patient and professional about letting me try out some of my ideas. Some of them turned out to be deadends, but I’m really glad I got to try them out. Most often the end result was a design that was simpler, which is certainly a good thing.
One of the goals of this redesign was to make it easier to interlink blog post content and non-blog content, particularly the language-related content. Although this redesign has already done that to a greater extent, the stage is set for me to organize the content much better for the casual visitor.
Now, here are some “before and after” comparison screenshots for fun:
Comments are now temporarily suspended on all blog posts as I prepare to move Sinosplice completely off DreamHost and onto WebFaction, my new host [more info].
On the new host Sinosplice will be sporting a new look (although much will remain the same… especially for you RSS readers!). Still simple and minimalist, but more professional and up-to-date, executed by Ryan of Dao By Design, the China blogosphere’s designer of choice.
Ryan and I will be tweaking the new site over the weekend, so if all goes well the new design will go live and comments will come back on Sunday, February 7th.
Earlier this year, my Dreamhost webhosting account was hacked. I’ve been dealing with it for months, but I’m no programmer. The information provided by Dreamhost customer support, while helpful, has been far from sufficient to actually resolve the problem in a satisfactory way. That’s why I’m writing this blog post: to help others than might be in a similar situation.
How the Hacker Got In
I’m pretty sure the hacker got in through an old abandoned WordPress install that I had forgotten to delete. (It’s essential that you either keep all web apps up to date, or delete them. To do otherwise is to ask for trouble. Hackers will eventually discover the old installs with security vulnerabilities.)
After gaining access, the hacker uploaded a PHP backdoor script which allowed him to get back in easily and upload or edit any files he wants, even after I deleted the old WordPress installation that had the vulnerability. The backdoor script he used is called PHPspy, and is freely available on the internet. (Interestingly, it’s also Chinese.)