Okay, this weekend has been a very...frustrating maddening infuriating affair.
After moving everything over to the new hosting, an automatic scan done by them found massive infections in several of my domains. In response, my account was locked and I could access it only from a single IP address so I could access the files and clean out the infections. I had to wipe and reload every domain. I am currently still rebuilding all of the little stuff in my domains from that.
Lessons learned:
1) Make sure all software is up-to-date. That is your CMS (Content Management System, such as WordPress or Joomla!) software, all of the extensions/add-ons you may use, AND the servers software. If any of these are not current you most likely have serious security holes.
2) If you can afford it, use a Virtual Private Server or full Private Server. My domains don’t generate any income, so I can’t afford the $20+/month to pay for a VPS. With a shared server, if one domain on that server isn’t up to date, an attack on that domain can spread to every other domain on that server, even if you’re secure.
3) Backup, backup, backup. Make sure you do regular backups of your configuration, content AND database. If you have all three, restoring will be a whole lot easier. When tape backups was current technology, I would tell my clients rotate three tapes, one on-site, two off-site in different locations, and read from the tapes once a month to make sure the tapes were still good.
4) Know how to recover. Having a backup is useless if you don’t know how to use the files to restore back to your last KGC (Known Good Configuration).
By the way, the Joomla! test site that wasn’t working, is now properly working now that I am using PHP 4.5. I managed to do more with it today than I did with it all last week.