Home > Uncategorized > What the heck happened to the website?!?

What the heck happened to the website?!?

Steve when he realized gracingthestage.ca V. 1 was FUBAR.

So, I’ve told many people in person what happened to the website over the past month, but I’ve been putting off the written version for some time, because I thought it would come across as really depressing in print. And maybe it will, although there’s lots of odd and funny twists to it.

The short version; gracingthestage.ca was infected by malware in February, prompting us to take it offline to de-bug it; while we thought we’d backed the whole site up, when we restored it, everything, save for the post content, had been lost. So the site is now back up in a bare-bones (read: simple and kinda ugly) format, and will be changing slowly, as we attempt to restore the site to its original lustre and functionality.

For those interested in more detail on what the malware did and how we handled it, read on. For those who just want to know how it’ll affect the site from now on; future posts should be fine, past posts will have their pictures and mp3s restored (very, VERY slowly, one at a time), and the site will be repaired and improved (top bar bio and other pages, side bar blogroll, archives, etc., etc.) slowly over the next little while, from the current settings.

Also, the email list was impacted, so you should contact Steve if you’ve changed your email in the past year or two, aren’t receiving the weekly update (by next week), or start receiving it when you’d requested to be unsubscribed.

OK, from the beginning: back in February, while prepping Update 292, I started experiencing a very annoying re-direct on my browser. My personal spyware caught it, and a little online research revealed it to be “JS Downloader Agent”, a pesky little malware code. I believed it had infected my personal computer, owning to a download of a picture of The Thin White Duke from a particularly shady looking celebrity website. I ran all sorts of spyware and security checks, and it seemed I’d been able to contain and delete it, after several hours of annoyance. I finished and posted the update to gracingthestage.

A few days later, fellow blogger Carl Wilson of Zoilus sent me a message telling me that every time he visited gracingthestage, he was automatically re-directed elsewhere (more on that later). Uh oh; this sounded depressingly familiar. I called up Colin, and we started looking into it.

It turns out the malware code’s “point of entry” hadn’t been my personal computer, but via gracingthestage’s Wordpress software, probably because I had foolishly not updated said software for the site for several months, despite it prompting me to do so right at the top of the admin page. Had I done so, the malware code probably wouldn’t have been able to worm its way in. So the first moral of the story: ALWAYS update your software when prompted!

Apparently, this code was Chinese in origin. And bafflingly enough, it was automatically re-directing not to a fake shopping site, or porn, or a gambling site, but to a URL that began with “China.TV”, and was an embedded video of a Chinese company building a dam (possibly The Three Gorges). Was the Chinese government hacking my little performing arts blog to promote its massive construction capabilities? I don’t know, but it’s still a real headscratcher; I can only surmise that the malware coders had designed the worm to trawl the net and hack any rubes who’d left a back door open to their website (like I had), solely to drive traffic to this “China.TV” site.

Anyway, Colin took this virus VERY seriously: he has a strict “nuke from orbit” policy when it comes to malware. He undertook an aggressive eradication campaign, starting by deleting and re-installing our Wordpress software. As I’ve said, he prudently backed up the site before doing so; however, what he didn’t back up was our theme and “widgets”. SO… when the site came back online, it was a blank white page, with a column of text running down a thin column in the middle, with a blue background header. On this header, in a default font, it read “Gracing the Stage”, and directly below, “Just Another WordPress Weblog”. OUCH.

The good news was there was no trace of the virus; a fact our web hosting company, wedohosting.com, confirmed (I really really like and recommend those guys). The bad news: gone was the top bar pages and navigation, the side bar calendar (which, granted, I hadn’t been updating in some time), search engine, etc., etc – basically, every element of the painstakingly constructed Version 1. Also gone was all the gorgeous design I’d paid a professional designer to implement (part of the money raised at last year’s launch party had paid for this), and the gorgeous colour grading, margin spacing, and other small but vital design tweaks Colin had spent so much time doing himself. In effect, the website had disappeared, leaving only the text of the posts. Hotlinks (thank God) and embedded videos still work, because they weren’t dependent on installed widgets (which we had quite a few of in the old design); pictures and MP3 links, whose pathways were reliant on a folder deleted in the reinstall, are all broken, and will need to be replaced, one at a time, by yours truly.

Also deleted was the 1,000 strong email database. Luckily, Colin had a backup from when he first transferred the emails over in Dec. 2008 from the old Yahoo Group site (that had issued the weekly updates for almost 6 years); and 90% of the new email subscribers over the past year, I have a written copy of their email. So we’ve re-installed those (one at a time, if they were from the past year). If you’ve unsubscribed in the past year, that’d be why you’re receiving the update again; please email me to cancel again (with my apologies). You should also contact me if you’ve changed your email in the past couple of years, and still want to receive the weekly update (still, IMO, the most reliable way to keep tabs on the local performing arts scenes).

I’ve taken this setback pretty hard, to be perfectly frank. The website’s original design was absolutely beautiful to my eyes, and although I know it was due for a minor redesign (mostly of the sidebar, so there was a proper blogroll, and more social media integration with Twitter and what not), the overall page was still a clean and crisp knockout. It’s going to take a good long while (and some cash that I frankly can’t spend right now) to get it looking that good again. Also, Colin is much busier these days, and has far less free time to spend on re-designing the site himself (hard work), or showing me how to do so (MUCH harder – I am HTML illiterate). So this plug and play theme we’re currently using (which I’m not a huge fan of) may be in place for a while longer.

If anyone has any questions or comments, please do get in touch, or comment below. I’d like to personally thank Colin for all his hard work, our hosting company for doing their best to help us with what was really none of their business, and all the local companies, performers, and producers who’ve been affected by this blackout. I’m especially grateful to those who’ve continued to comp me to see shows, even when I haven’t had a viable way to promote their work; hopefully, what I’ve seen will inform on what I promote in the future (which is always the case, I suppose, even when I don’t write about a show in detail).

Thanks for stickin’ with us; I’ll endeavour to start being as productive as I was this time last year. First update since the crash should be posted just a few hours after this explanation post!

See you around town,


Categories: Uncategorized Tags: