Help Really Cool Nonprofit Reptile Park Not Have Unusably Sucky Web Site
August 9, 2009 7:46 AM

Hideously incompetent webmaster volunteer dies, leaving awesome but destitute nonprofit reptile park with a blacklisted, non-updatable web site. Management is all-consumed by the task of feeding and caring for 300 huge crocodiles and running around the country to rescue others, so it falls on the rest of us to bring their web site, a simmering pile of alligator squat, back to some point of usability. But how the heck to proceed without drowning in crocodile tears?

These guys (ignore the malware warning...more on that in a sec) run all over the country rescuing unwanted crocodiles (idiots buy babies as gifts for their kids, then, duh, don't know what to do with them when they grow (the crocs, not the kids)), and bring them back to their refuge in Florida, where they care for them and edutain the public, trying to destigmatize these awesome big creatures. Kids can have alligator birthday parties at the park. One current resident is Tarzan, 90 year old croc star of the old Tarzan films from the 1930's. The whole operation's awesome, like out of a dream (I've never been there; just follow along from afar).

Unfortunately, there's not much money in this, so they resort to sucky volunteer labor for things like their web site. And the latter's a simmering pile of crocodile squat - and the guy who donated programming(sic) and design(sic) recently passed away. It's currently blacklisted as a malware site, and most surfers using Safari or Firefox can't even get in. One peek at the source code, and you'll see why. It's insane.

They can't afford a site makeover, nor do they really want one. Even though it looks cheesy, they're ok with it. They just want to 1. get off the blacklist, and 2. have a way to update stuff (including the blog, currently a badly installed old version of WordPress whose details the deceased programmer took to his grave). And while my instinct is to tear it all down and build new, that'd be expensive to recreate.

So I'm thinking of taking a deep breath, wading into the wanky code, and purging the non-functional ad delivery set-up and the pointless javascript; reconfiguring the images pulled from other servers; and figuring out why Camino reports a bunch of glacially-loading files ending in .tw.

Can anyone offer advice? Or if you have time to actually help, I'd kick in some money from my own pocket (I'm just a volunteer, myself), or the Croc guys could provide a tax receipt for donated labor. I don't want the refuge to close! Where would the 300 giant crocodiles live???
posted by jimmyjimjim to Computers & Internet (33 answers total) 1 user marked this as a favorite
 
My web design experience is limited to basic XHTML, CSS, and Javascript. But in any physical line of work, I think that site would be called a teardown. Make it look as cheesy as you want later. But since you need to redo Wordpress anyway and the current design and images are nothing special...
posted by Inspector.Gadget at 7:50 AM on August 9, 2009


NUKE IT FROM ORBIT after you save any content worth saving. (I'm not going to look just on your say so . . .)

Buy a new domain name, install a simple CMS on a budget shared server web host and do minimum customization. Any idiot can maintain a simple CMS based site now. Or do it through Google or Yahoo if you want it even more idiot proof.

Great project, great of you to be willing to help. But these guys, it sounds like, need a fresh start whether they know it or not.
posted by fourcheesemac at 7:52 AM on August 9, 2009 [1 favorite]


Response by poster: Oh, I agree about teardown...if it were affordable. Problem is, the Croc guys want the same look recreated. And I spoke to a skillful designer who bugged out about what a huge and expensive job that would be.

The essential goals are: 1. get off the blacklist, and 2. find a way to update content (I'm the guy who'd do the updates, so I don't need a fancy content management UI; I'm happy to update amid html if necessary).
posted by jimmyjimjim at 7:54 AM on August 9, 2009


Response by poster: 4cheese--

They have myriad promo materials with this URL on it. So we're forced to take the route of fixing problems, then asking the blacklisters to reevaluate.

They don't want a simplified, stripped-down looking web site. It's presently jazzy-looking (in a very cheesy and dysfunctional way). If we leave them with something tamer, or jazzy in a way they dislike, they'll perceive themselves to be in a worse situation. And they're right in a way; a crocodile sanctuary does need somewhat grabby marketing. This isn't a site to please intellectual geeks, it's for mainstream folks in Tampa.
posted by jimmyjimjim at 7:58 AM on August 9, 2009


This is how they got screwed up in the first place. Your best bet would be to convince them they're thinking about this all wrong, and then do a solid, basic new site for them.

Tell them it's like taking into account that a cute baby croc will someday be a 9 foot dragon.

I hope they don't go backwards when handling the crocs.
posted by fourcheesemac at 8:02 AM on August 9, 2009


What? That isn't a very snazzy looking site; it's pretty simple. It would be very easy to re-create in WordPress at the same domain, which would give you a lot of other benefits including the ability to update it.

I'm very sorry but in order to achieve your stated goals (get off the blacklists, be able to update the site) you are going to have to nuke it from orbit and start over. You should be able to do this inexpensively; if you want me to refer you to someone who can do this for under $300, MeMail me.
posted by DarlingBri at 8:05 AM on August 9, 2009 [2 favorites]


Response by poster: 4cheese, that level of human engineering is not possible. I'm not the boss of them.

So, if you have ideas, or can help, me to foot their bill (i.e. 1. make present site more or less work, or 2. recreate look of present site as a new site), that'd be much appreciated. If not, I perfectly understand, but then this thread's not for you, since you can't help with my question.
posted by jimmyjimjim at 8:11 AM on August 9, 2009


As much as I hate crappy websites and try to make awesome ones, cheesiness isn't a huge problem for people and consumers who don't care about it.

1. Recover the password of that WP site. It looks like WP stupidly doesn't 'salt' passwords, so this should be easy.
2. Update to the new version of WordPress IMMEDIATELY. WordPress is a security nightmare, and likely the new version will buy you six months/a year until it's infinitely hackable, but the installation up there is 100% likely to be hackable/hacked.
3. Turn off comments/etc, and probably delete those that exist. 99% this is why it's blacklisted.
4. Post on Craigslist, etc., for a low-paying but _paying_ job to make this site decent.
posted by tmcw at 8:11 AM on August 9, 2009


Response by poster: DarlingBri, didn't look that complex to me, either. But the designer I sent to look at it thought it'd be a bear to simulate. But, shoot, if someone out there can really recreate this in WordPress that cheap, I'd be thrilled. Will MeMail you, thanks!
posted by jimmyjimjim at 8:13 AM on August 9, 2009


Best answer: FYI: it's being blocked as an attack site because it was reported to contain "obfuscated javascript code" and spam links.

It does contain both those things right now, as well as a PHP snippet (not executed in your case) which is supposed to load a gigantic pile of spam links into the homepage.

The server's been completely compromised. If you can take control of the domain (tricky without access to the one email address attached to all three roles in whois) I'd get a new host. Failing that, if you can access the server it's on now,

a) delete everything
b) register a new domain
c) put up a redirect on the old domain
d) get the block removed.

That'd be enough to prevent the existing print materials from being rendered useless. At least until December 18th, when the domain expires.
posted by genghis at 8:33 AM on August 9, 2009 [3 favorites]


Response by poster: Genghis, thanks for the detective work, that helped a lot.

The whois email address is, fortunately, not the dead web guy, it's the croc park manager. So I guess we'll move to a new host, and kill the WordPress until we can crack out the password and update to latest version. I'll also make sure they renew their domain.
posted by jimmyjimjim at 8:45 AM on August 9, 2009


Response by poster: also, they're hosted on Stargate. Should we get off of them entirely?
posted by jimmyjimjim at 8:46 AM on August 9, 2009


recovering the password might be as easy as dumping the value into here: http://md5.thekaine.de/
posted by jangie at 9:34 AM on August 9, 2009 [1 favorite]


I don't get a Crocodile Park's website when I go to your link, I get a page saying the domain is for sale by some company called Preface.
posted by Jupiter Jones at 9:37 AM on August 9, 2009


Response by poster: Yep, site just went down. Who knows.......
posted by jimmyjimjim at 10:05 AM on August 9, 2009


I'm in a similar situation and would love to know a good simple CMS that a computer-savvy but non-programmer could install on a server for a non-profit.
posted by canine epigram at 10:13 AM on August 9, 2009


Best answer: "also, they're hosted on Stargate. Should we get off of them entirely?"

I'm not entirely sure why people are blaming Wordpress for your predicament (other than its known habit of having a new security patch every six hours) 'cos that's not Wordpress. Someone busted into a regular web server and wrote all over your homepage.

YEAH, I'd move hosts.
posted by genghis at 10:38 AM on August 9, 2009 [2 favorites]


jimmyjimjim: DarlingBri, didn't look that complex to me, either. But the designer I sent to look at it thought it'd be a bear to simulate.

Well then get a better designer, because... that's not accurate. Everything can be either re-created, mimicked or re-done much, much better with contemporary code that's not from KewlTicks4u or wherever that... stuff... came from.

Argh. Just send me a screenshot (I'm not sure I'm seeing the whole thing, some stuff may be blocked), I'll clean up the design out of sheer annoyance, and send you to the guy to, you know, make it real.

I hate seeing people get screwed.
posted by DarlingBri at 11:39 AM on August 9, 2009 [1 favorite]


Response by poster: DarlingBri, sounds awesome.

Re: the hacking stuff (which is actually, I'm starting to think, the root of much of the site's craziness), I got an idea: maybe use the wayback machine/internet archive snapshots of the site as a tool in reverting.

That might be a super easy way to scrub out the malicious add-ins.......
posted by jimmyjimjim at 11:46 AM on August 9, 2009


Response by poster: Nope, ix-nay on the aybackmachine-way.

I just actually clicked through on the snapshots, and they're all useless. Argh.
posted by jimmyjimjim at 11:48 AM on August 9, 2009


Is there nowhere to find a local copy of the old website files? Did the guy who died not have a spouse or child that could try to hunt up an old version of the site files on his computer? That would give you a place to start, anyway.

Other than that, you should do what genghis said. And WP isn't the problem - it's that the install hasn't been kept up to date that's allowed it to be hacked. But that will be the same with any other database driven CMS.
posted by gemmy at 12:15 PM on August 9, 2009


Response by poster: Nope. Wordpress is the only part that's not hacked....cuz their WP implementation, it turns out, is hosted on WP's servers. The REST of the site is hacked, as are all the other sites on this same server.

And I'm having a terrible time trying to grab nuggets of the original content, because the hackers have cleared the site's pages totally of the original content, and we're just seeing mirrored bits and chunks of that content from sites, mostly in Taiwan. And wayback ain't helping, either.

Not looking good, alas.
posted by jimmyjimjim at 1:32 PM on August 9, 2009


I have dealt with my share of small nonprofit clients. You really need to break this problem down for them:

- The design/look of the site. The design is not a total eyesore and the client is happy with it, so I see no reason to force them to change. But this is the very least of their problems. Of course it may benefit from a makeover, but that can cost money and ultimately I guess they (understandably) don't consider having a slick looking website to be a high priority. But consider this: No designer likes to recreate other peoples' designs, especially if they are sort of shitty. You may need to find someone with less ego who wants to help out the organization, or try to convince the gator people that a new, fresh design would be good, etc. It might be easier to get a young student/designer to donate a redesign that they can use for their portfolio.

- Extracting the existing content that is on the site. I have not looked too deeply in there but, unless there is a lot in there, as a last resort just have someone spend an afternoon copy-pasting text and downloading any graphics that need to be saved. I know it's a bother but sometimes it's the easiest way to do it. (On preview, if even that's impossible, maybe someone can recreate stuff from printed materials? I've seen situations like this elsewhere, unfortunately. Think of it this way if you can't get anything out of the current site - no one was able to see it anyway, so there's not much lost!)

- The current underpinnings (code) of the site are a disaster, hacked beyond recognition. It's going to have to go.

- Setting up the website anew, on a more secure and easy to upgrade platform. This is going to be the critical, and potentially expensive, deal. If you have a self-hosted (as in, hosted on a generic hosting provider) site, you are going to have to have someone around who knows how to keep it updated with all security patches and the like - and it sounds like they don't have the resources, human or monetary, for this. You may want to warn them that if they keep their site hosted under the current or similar circumstances, they will get into the same mess again sooner or later.

So, I would say that the best, most cost-effective thing for them to do is to move the whole site over to an inexpensive or free hosted and managed platform like Typepad, or even Blogger - any system that allows domain mapping, since they want to keep their domain, and allows them to update the content themselves without having to worry about site functionality or safety. (not sure if Wordpress.com allows domain mapping yet, but if they do that may be the best choice since the current blog part is on WP.) This way, they never have to worry about getting hacked horribly again. A competent web designer familiar with blogging platforms should be able to do this for them for not too much money, provided the brute force work like extracting current content to be saved and transferred over (or re-digitized) is done for them. A blogging system nowadays can manage more than 'just' a blog and is really the way to go for non-profits like this.
posted by thread_makimaki at 2:02 PM on August 9, 2009


All the content seems to be visible for me (Mac, Safari)... it would not take long at all to be back online with the old site.

Do you have FTP access to the server? Can you grab all the html/graphic files?

If not, download HTTrack, and grab all the files.

Secondly, just strip out all the javascript, PHP links and spam links. There's really not much bad stuff in there, would only take a minute per page at most, even quicker if you can figure out how to find-and-replace.

Thirdly, buy new web hosting package with a reputable host (few dollars a month at most), upload new files. Then repoint your domain name if you have access to the domain name manager (at stargate by the looks of it).

Honestly, you could be back online in a few hours. Report what you've done to google and you'll be off the blacklist in a few days. Then at least you've got a working website whilst you work out the best way of moving forward.
posted by derbs at 2:24 PM on August 9, 2009


Response by poster: Thanks, guys. It's funny though...

thread_makimaki said:

"- The current underpinnings (code) of the site are a disaster, hacked beyond recognition. It's going to have to go. "


and derbs said:

"just strip out all the javascript, PHP links and spam links. There's really not much bad stuff in there, would only take a minute per page at most"


...and, strangely, that mirrors what I've been hearing from others looking at this. Smart people are equally divided. It's been bouncing around all day like that.

But I'm starting to feel pretty confident I can strip out the evil and get them up and running (on a different host). Right now, they're too busy feeding 300 crocodiles to even reply to any of my emails....
posted by jimmyjimjim at 2:51 PM on August 9, 2009


Response by poster: PS - yes, I have FTP access. And I've got all the files locally now.
posted by jimmyjimjim at 3:16 PM on August 9, 2009


Best answer: I can't be certain, but I reckon the hackers got in by way of cracking your password, or exploiting a vulnerability with your host, and then adding their JS and php crap to your existing pages. I don't think they've been destructive in terms of wiping anything. You need a new reputable host though, with a long, secure password!

Anyway I've created a couple of pdf files, of the source code of the home and about page, of which I've highlighted the malicious stuff in red, and other crap the original designer has put in there in green, which you can get rid of.

There's a lot of obfuscated JS on the homepage, but it's still only a 2 minute job to remove. The about page is even simpler to clean up. You could do a find and replace in dreamweaver, or any other editor that supports grep on multiple files. I've not highlighted the horrible html code (generated by whatever service he used to create them in the first place), but that's a job for another day and isn't a huge problem.

At the end of the day, you'll be left with flat, basic html files, which on a decent server with a strong password will be practically unhackable.
posted by derbs at 3:58 PM on August 9, 2009
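
An added example, not part of the thread or anyone's actual cleanup: one way to do the "grep on multiple files" pass over a local copy of the site before re-uploading, flagging the kinds of injected content mentioned above (PHP snippets in static pages, obfuscated JavaScript, links and images pointing off-site) for manual review. The patterns, the allowlist, the host names and the sample page are all assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Assumed indicators for the injection types named in the thread; tune per site.
PHP_OPEN = re.compile(r"<\?(?!xml)", re.I)  # a flat HTML site should contain no PHP
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.S | re.I)
OBFUSCATION = re.compile(r"\beval\s*\(|\bunescape\s*\(|String\.fromCharCode", re.I)
ABSOLUTE_URL = re.compile(r"""(?:src|href)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)


def _line(text, pos):
    """1-based line number of a character offset."""
    return text.count("\n", 0, pos) + 1


def _allowed(host, allowed_hosts):
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def scan_html(text, allowed_hosts):
    """Return sorted (line, kind, detail) findings for one page's source."""
    findings = []
    for m in PHP_OPEN.finditer(text):
        snippet = text[m.start():m.start() + 40].splitlines()[0]
        findings.append((_line(text, m.start()), "php-block", snippet))
    for m in SCRIPT_BLOCK.finditer(text):
        hit = OBFUSCATION.search(m.group(1))
        if hit:
            findings.append((_line(text, m.start()), "obfuscated-js", hit.group(0)))
    for m in ABSOLUTE_URL.finditer(text):
        host = (urlparse(m.group(1)).hostname or "").lower()
        if not _allowed(host, allowed_hosts):
            findings.append((_line(text, m.start()), "offsite-url", host))
    return sorted(findings)


def scan_tree(root, allowed_hosts):
    """Scan every .html/.htm/.php file under root; return {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".html", ".htm", ".php"}:
            found = scan_html(path.read_text(errors="replace"), allowed_hosts)
            if found:
                report[str(path)] = found
    return report


# Constructed sample page: one legitimate script and image, plus three injections.
SAMPLE = """<html><head><title>Croc park</title>
<script>function rollover(i){document.images[i].src='on.gif';}</script>
<script>eval(unescape('%2F%2F'));</script>
</head><body>
<img src="http://www.example.org/img/croc.jpg">
<img src="http://cdn.example.tw/banner.gif">
<?php include('links.txt'); ?>
<a href="http://pills.example.net/">cheap</a>
</body></html>
"""

if __name__ == "__main__":
    for line, kind, detail in scan_html(SAMPLE, {"example.org"}):
        print(f"line {line}: {kind}: {detail}")
```

Re-running the scan after the cleanup and getting an empty report for every file is a reasonable check before asking for the blacklist review; it does not replace moving hosts and changing the password.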


Best answer: sorry forgot PDFs:

Home
About
posted by derbs at 4:02 PM on August 9, 2009


Response by poster: derbs, thanks so much. I'm a grep-aholic, so I'll dig into this eagerly.
posted by jimmyjimjim at 4:59 PM on August 9, 2009


No probs jimmyjimjim, feel free to email me, always willing to help out for a good cause, even though I'm not a big fan of crocs!
posted by derbs at 5:09 PM on August 9, 2009


Response by poster: Crocs get a bad rep. They're not mean, they're just hungry. Everybody gets hungry! To a potato chip, human beings seem mean and vicious!
posted by jimmyjimjim at 5:13 PM on August 9, 2009


If you ask a question for which the premises are mistaken or expect support for an unrealistic plan, you should be prepared to have people question the premises or challenge the plan without taking offense. Your original idea of salvaging the site was a bad one, in my opinion. Now that appears to be the consensus. But for saying so, I got "this is not the thread for you."

A *professional* web designer, even one working for free out of charity, would not recommend a client pursue (or maintain) an unprofessional web strategy that results in blacklisting, clients unable to access the site, and the spreading of spam and malware to unsuspecting visitors' computers. By doing so, you do them no favors and don't improve on their previous ("crazy" and now dead) designer's work at all.

It doesn't matter if they rescue crocs or sell Croc shoes. A professional website is a professional website. And what they've got ain't that.
posted by fourcheesemac at 3:11 AM on August 11, 2009


Response by poster: I guess that you don't just disregard questions...you disregard the answers, as well.

It's been established by helpful posters here that the site's server was hacked, and injection of malicious code had resulted in the blacklist. That code has been removed, the files transferred to a new host, and we're about to switch the nameservers. And then the client will have exactly what they wanted (not what you want, what they want): their old web site, perfectly usable if not particularly professional.

I do recognize that among all the awesome smart and helpful users here, there's a small but staunch minority that's all about testily questioning assumptions rather than answering questions. Fortunately, this thread was not hijacked by such efforts, and I got what I needed.
posted by jimmyjimjim at 12:42 PM on August 13, 2009

