We’re off to see the server

by Diane Duane

One of the annoying things about being a (midlist) writer in this world we live in is that you have to take care of (or have to have taken care of for you) your “shop window” — the various forms of publicity that let people know you’re alive and writing. In my case, this means, among many other things, the various Young Wizards websites.

The main Young Wizards site has been running on Drupal for a good while — in fact, since I stopped hand-coding it in HTML — and the theme it’s been using has, also for a while now, struck me as kind of static and in need of an update. This issue has been on my mind more or less constantly for the past six months or so. But you know how it is — things get put, as they put it over here, “on the long finger”. You get busy with work, or with the administrivia surrounding work, and it doesn’t get handled for a good while. Finally in August I got started on it, but it wasn’t going to be anything but a pre-production site for a while.

Then (as so often happens) something comes along and forces your hand. While I was at the Discworld convention in the UK a couple of weeks ago, out of the blue I got a mail from Google telling me that they thought my site had been hacked. And Google searches for “Young Wizards” now say as much. Needless to say, this isn’t a situation that can be left to fester.

Anyway, I’ve spent the last two weeks, more or less, tearing the installation apart and putting it back together again, as well as hastily working to bring online the makeover version of the main web installation that I’ve long been planning — based on WordPress this time instead of Drupal. (This is at least partly because, though I love Drupal dearly, I just don’t have enough time to spare these days to indulge my inner geek wrestling with the PHP and the modules and all the rest of it. I find I’m preferring a platform that updates its own damn core rather than having to have it done manually once a month. And there are a bunch of other reasons, but never mind those right now.)

None of this activity has shown on the surface. Among other things, it takes a while to first of all figure out what was giving Google the idea that we had been hacked (their own diagnostics surprisingly being a bit vague on this), then trying to work out whether the problem could be cured while leaving the patient in situ or whether more radical surgery was required.

In the case of the Young Wizards domain, the culprit appeared to be the wiki installation in which for some years I’ve been storing general notes about the YW universe that were well-developed enough or general enough to make public. The spammers had been at the wiki, creating thousands of spurious user accounts and messing with their User:Talk pages — not that this is something they haven’t done before, and something we’ve blocked or deleted insofar as Mediawiki’s basic structure makes that possible. But this time for some reason or another the situation seems to have grabbed the Googlebot’s attention when it passed through.

There is unfortunately no quick and easy way to fix this problem in Mediawiki by bulk-deleting all the spammer-users (yes there are workarounds for this problem [oh, excuse me, “feature”],  and no I don’t have time to mess with them as I have only so much tech-love in my system to last me through any given day, and anyhow, when the hell am I supposed to find time to write?). The simplest way to handle the problem for the moment has been simply to pull the wiki up by the roots, stash it elsewhere for later more radical surgery — if it can indeed be saved at all — and export the page data to be imported into a less spammable and more encyclopedia-like format (via yet another WordPress installation) at a later date. So this has been done.

But now comes the exciting stuff. Tarballing and gzipping-up the entire installation, just in case anything goes horribly wrong. Tarballing-and-gzipping-up the separate parts of it (because when unpacking it somewhere else later, why get all tangled up in command-line subcommands when you can just say “tar -xvf thiswholedamnthing.tar.gz”?). Taking final backups of both the Drupal install and the WP install. And then — deep breath — pulling the Drupal install out of the root. And (another deep one) moving the WordPress install into the root. (Which is a little bit dicey, but not too much so if you move slowly and carefully and don’t do things in the wrong order.)

And then… more work. Fixing broken links. Fixing crawl errors. Installing 301 redirects for pages that are obsolete or otherwise no longer needed in the new install. Generating a new sitemap. Installing security plugins on all the other WP installs in the domain in the right order. And on and on… And then, when it’s all sorted out, when everything seems to be working, asking Google to please take a look at the domain and see if everything’s okay now.

(sigh) Right now I don’t feel so much like the Wizard heading off in that balloon as I feel like the guy leaving that little wooden hut in Antarctica and saying to his colleagues, “I may be gone for some time…”

See you all on the other side.

You may also like