Spencer Christensen Site Reliability Engineer

Blogs, vulnerabilities, and DIY

A while ago I got a notice from Google that my personal website was flagged as a phishing site and had likely been compromised. Weird! I had never seen such an email before and wasn't sure if it was real or not. So I ignored it for a while, like a week or so. But then I decided to check out my website and see if things were ok or not. I use a hosting company which provides easy-to-install, easy-to-manage instances of things like WordPress, which is what I've been using. I ssh'd into my site and looked around and sure enough I saw some strange files and folders that I didn't put there! What the heck!! So I immediately shut down my website and put up a temporary page explaining my site had been compromised and I took it down.

I then took a backup of my whole site directory. I had also taken an export of the WordPress db a while ago in an attempt to back it up, and now I am grateful I had that. I then started deleting all the files and folders from my public_html/ dir to clean it all out, getting rid of anything suspicious as well as anything not needed any more. I decided I didn't want to deal with WordPress any more and its constant attacks and vulnerabilities. So I started looking for a stripped-down alternative, hopefully something in Python so I could easily adapt it. I didn't like most of what I found. But I did find some tutorials out there to "learn Python by building your own blog". So I figured why not, as long as I keep it simple and try to be as aware as I can about vulnerabilities. So that is what I did.

I have written a Python Flask app for my new site. I took the old WordPress db export (which is a single XML file) and parsed it and imported it all into a SQLite db. I then wrote a frontend app to show the blog from that db. I then wrote an admin management tool for me to add/edit/delete posts. I can create a new post as a draft and then publish it when I'm happy with it. I searched for blog templates based on Bootstrap since that is what I've used for several projects and like it. I found one that I liked and customized it for my use.

I think this setup should work ok for a bit. However, I have noticed that it is quite slow. Slow to load all pages, but mostly the main page. There are probably a few factors to this, and I could try to profile it and optimize the slowest portions. But I don't know if that would be worth the effort. I may just end up turning the front end into all static files that are generated by a cronjob or perhaps on demand from the admin tool. We'll see.
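As an added illustration of the import step described above (example code written for this page, not the author's own app), here is a stand-alone Python snippet that reads a WordPress WXR export with the standard library, loads only items of post type `post` into SQLite through parameterised queries, and keeps the draft/published status so the public frontend can filter on it. The export text, table layout and function names are constructed for the example.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Namespaces used by the WordPress WXR export format (wp: and content:).
NS = {"wp": "http://wordpress.org/export/1.2/",
      "content": "http://purl.org/rss/1.0/modules/content/"}

# Constructed sample export: a published post, a draft post and a page.
SAMPLE_WXR = """<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:wp="http://wordpress.org/export/1.2/"><channel>
<item><title>Hello world</title><wp:post_name>hello-world</wp:post_name>
 <wp:post_type>post</wp:post_type><wp:status>publish</wp:status>
 <wp:post_date>2019-01-02 10:00:00</wp:post_date>
 <content:encoded><![CDATA[<p>First post.</p>]]></content:encoded></item>
<item><title>Unfinished</title><wp:post_name>unfinished</wp:post_name>
 <wp:post_type>post</wp:post_type><wp:status>draft</wp:status>
 <wp:post_date>2019-02-03 11:00:00</wp:post_date>
 <content:encoded><![CDATA[<p>Not yet.</p>]]></content:encoded></item>
<item><title>About</title><wp:post_name>about</wp:post_name>
 <wp:post_type>page</wp:post_type><wp:status>publish</wp:status>
 <wp:post_date>2019-01-01 09:00:00</wp:post_date>
 <content:encoded><![CDATA[<p>About me.</p>]]></content:encoded></item>
</channel></rss>"""

SCHEMA = """CREATE TABLE IF NOT EXISTS posts (slug TEXT PRIMARY KEY,
    title TEXT NOT NULL, body TEXT NOT NULL, status TEXT NOT NULL, created TEXT NOT NULL)"""

def import_wxr(xml_text, db_path=":memory:"):
    """Load every <item> of post_type 'post' into SQLite; returns the connection."""
    conn = sqlite3.connect(db_path)
    conn.execute(SCHEMA)
    root = ET.fromstring(xml_text)
    for item in root.iterfind("channel/item"):
        if item.findtext("wp:post_type", namespaces=NS) != "post":
            continue  # skip pages, attachments, menu items
        row = (item.findtext("wp:post_name", namespaces=NS),
               item.findtext("title", default=""),
               item.findtext("content:encoded", default="", namespaces=NS),
               item.findtext("wp:status", namespaces=NS),
               item.findtext("wp:post_date", namespaces=NS))
        # Parameterised insert: export text is bound, never formatted into the SQL string.
        conn.execute("INSERT OR REPLACE INTO posts VALUES (?, ?, ?, ?, ?)", row)
    conn.commit()
    return conn

def published_slugs(conn):
    """Slugs the public frontend may show: drafts stay hidden until published."""
    return [r[0] for r in conn.execute(
        "SELECT slug FROM posts WHERE status = 'publish' ORDER BY created")]
```

Post bodies are stored as the HTML WordPress exported them, so the frontend template should treat them as trusted only to the extent the original WordPress content was.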