We’re under attack!

– yes, even if we don’t exist yet –

DISCLAIMER:

This post was written by someone who doesn’t know 100% of what happened, so don’t look for details or expect complete accuracy. Usually, we discourage this kind of approach, but it’s been a rough week, and we just wanted to share some of the challenges a project like ours can face.

Every Connected Device Is Vulnerable

Like with any news story, we tend to think: “That will never happen to me” or “It’s far away; things are different here.” But when it comes to technology, no one is truly safe.

We’ve seen it happen time and time again: your phone falls into the toilet, you click on a link in a suspicious email, you buy a Windows PC with no firewall (yes, XP, we’ll never forget your Service Pack 2 move), and suddenly, everything on your device is gone forever.

There’s no easy way to say this: if you’re connected to the internet, you can be a target.

Back when we only had a personal computer connecting to the internet, our mindset was: “What could they possibly steal from me? I just have boring documents and poems on my PC.” But now that our phones know us better than we know ourselves, being a potential target is much more unsettling (and rightfully so!).

Every now and then, we hear about data breaches, and we’re told to change our passwords (which, by the way, you should always do—even if no one tells you to! And don’t reuse passwords across sites—use a password manager like Bitwarden. No sponsorship here, just another great open-source project).

But why should everyone care about internet security (and etiquette—there’s actually a word for that: netiquette! Isn’t it cute?!) instead of leaving it all to the “tech people”?

Two key reasons come to mind:

  • You never know (and trust us, you don’t want to know) what people can do with your data—your pictures, videos, and personal information.
  • When you don’t take precautions, you make it nearly impossible for tech professionals to block or resolve security breaches efficiently (and believe us, we just witnessed this firsthand).

Someone’s Trash Is Someone Else’s Treasure

Your phone holds personal photos, and even though we live in an age of endless video streams and image sharing, we’re still not comfortable with the idea of strangers owning our private content—whether it’s something intimate or just sensitive (from nude photos to bank account passwords).

But over the past few months, we’ve learned the hard way that even if you think you have nothing valuable on your computer, that doesn’t mean you’re safe—or that you won’t have something valuable in the future.

Even though the panic of not knowing what was happening to our site is something we’ll never forget, now that we’ve dodged the second bullet and eliminated the issue at its core, we can at least feel relieved that these two attacks happened before we had subscribers. Otherwise, it would have been much harder to intervene and keep you all safe.

One major lesson from these two attacks is that time is critical:

  • As soon as you notice something unusual, investigate and fix it.
  • Malware can stay dormant for months, but once it activates, it’s almost unstoppable.

What Happened?

In October, we were presented with the infamous “white screen of death” when trying to access certain areas of our site. We investigated, disabled some plugins, cleared caches, and tried every solution we could find online—but nothing worked.

So, we installed a pro version of a firewall and antivirus software, which revealed that hundreds of files were infected. There were too many to check manually, so we decided to erase everything and reinstall an older backup (which, luckily… well, almost luckily, we had).

Fast-forward to last week: we noticed some strange behavior when accessing the plugin and theme manager pages. But we thought, “It can’t be. We just moved the site to Cloud68.co’s servers—they’re secure and technically skilled.” And that’s true—they are. But we weren’t.

Turns out, our “clean” backup wasn’t so clean after all. Two infected files had been lying dormant, waiting to spread across everything we opened and worked on. Over the past few months, we had unknowingly helped the malware spread.

Last week, the staff at Cloud68.co helped us understand what was really going on.

Let’s break it down:

  • Our previous provider was cheap but inherently unsafe. It let us do whatever we wanted on the servers, which was great—until we got attacked. When that happened, it was entirely our fault, and they couldn’t do anything about it.
  • Our new provider is more expensive but highly secure. So, when we migrated our site onto their servers, we were sure we wouldn’t pick up any new malware… except the old malware was already inside our system. Their security only detected it when it tried to spread beyond our site.

Same Problem, Same Solution… But Smarter

When the amazing folks at Cloud68.co sent us a list of infected files, our developer initially feared it would take months to sort through them all. But after two hours of analysis, the verdict changed to “forever.”

After another crushing blow, we came up with a smarter version of our previous solution:

  • If we could identify the malware early, we could reinstall the same old backup but this time remove only the infected files before they had a chance to spread.

Over the weekend, this plan worked, and by Monday, we had finally removed the two files that caused the entire mess.
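The restore-then-remove approach described above can be sketched as follows. This is an added example, not the code used on this site: the function names are hypothetical, and it assumes the provider's list holds one path per line, relative to the restored backup, and that the backup is restored to an offline staging directory first.

```python
import hashlib
import shutil
from pathlib import Path


def quarantine_infected(restored_root, infected_list, quarantine_dir):
    """Move every listed file out of the restored backup.

    Returns (moved, missing, rejected) lists of the relative paths as given.
    """
    root = Path(restored_root).resolve()
    qdir = Path(quarantine_dir).resolve()
    if qdir == root or root in qdir.parents:
        raise ValueError("quarantine directory must live outside the site tree")
    moved, missing, rejected = [], [], []
    for line in infected_list:
        rel = line.strip()
        if not rel or rel.startswith("#"):
            continue
        target = (root / rel).resolve()
        # Refuse entries that point outside the restored tree (absolute paths, ../).
        if root not in target.parents:
            rejected.append(rel)
            continue
        if not target.is_file():
            missing.append(rel)  # listed but absent: the list and backup disagree
            continue
        dest = qdir / target.relative_to(root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(target), str(dest))
        dest.chmod(0o400)  # kept for later analysis, read-only
        moved.append(rel)
    return moved, missing, rejected


def build_manifest(restored_root):
    """SHA-256 of every remaining file, keyed by relative path."""
    root = Path(restored_root).resolve()
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def changed_since(baseline, current):
    """Paths added or modified since the baseline manifest was taken."""
    return sorted(p for p, h in current.items() if baseline.get(p) != h)
```

Taking a manifest right after the cleanup and comparing it against later ones shows which files were added or modified since, so a dormant file that starts spreading is noticed early.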

From now on, we’re doing our best to prevent future problems:

  • We’ll stay vigilant for potential security breaches.
  • We’ll create multiple backups to always have a safe version available (go back up your phone right now—you never know!).
  • We’ll collaborate closely with our service providers to monitor for anything suspicious and act quickly if necessary.

We can’t promise this will never happen again—new viruses are created every day. But we can promise that we’ve learned our lesson, and we’ll work harder than ever to protect our platform and our users.

Published: Feb 12 – 2025
