Recovery report

For certain definitions of “grown”

Today I called my webhost (Lunarpages) and got to talk to a person (unlike over the weekend, when all I could get was a recording.) They helped me fix stuff. Here’s the results:

Images: Every image I ever posted was intact, except for the lighthouse banner. The hackers didn’t get into any folders besides the /heartscontents one, so no work was needed.

Permissions: The hackers had changed the permissions of the files in the /heartscontents folder so that I couldn’t overwrite or delete the hacked files. The Lunarpages tech restored my permissions and I was able to get rid of all those files and replace them with a notice.

Email: I couldn’t send or receive emails from addresses for a while. I got messages like “550 verification failed” and “send limit reached”. I was suspecting that the hackers had turned my email into a spam-sending robot, but that probably wasn’t the case. My email capabilities have been restored, but I’ll keep using my Yahoo address as my primary email and as the email of this blog. Those who have been trying and failing to email me can try guuonearth (at) yahoo (dot) com. It worked for one of my friends who was having trouble reaching my old address.

Database: The database is recoverable (they could restore it from backups), but it would cost $75 per hour.

It seems like I could have made a full recovery if I was willing to pay for it. Big props to Lunarpages for actually keeping regular backups of both the database and the files. If Heart’s Content had important business data, I’d be glad to hand over that money for the recovery. Unfortunately, I’m cheap, and I also like the chance to start fresh, erasing all the mistakes I made during the almost two years that this blog has been operational, and promising never to repeat them. Every post on the old blog has been read by its intended audience during the time that its information was relevant. I’ll only restore the posts I have to, such as the Miao Diary ones.

For some reason, the old blog isn’t worth $75 to me. If I had lost all the images as well, then maybe I’d think about it. Apologies to Author (who was so kind as to send me a text file of the blog posts from his reader) and everyone else who lost their links to Heart’s Content. For the community’s sake, I can and probably should do something to recover the lost blog, but for some reason, I who am normally diligent can’t seem to be bothered in this case. Maybe it’s because I would rather spend my time creating, rather than restoring.

The end of Miao Diary and the start of a new project

Come this March, upon finishing Miao Diary and taking care of some old debts like the Ravnica series, I’ll be a free agent. People have started asking me if I want to illustrate their project next.

The last collaboration I worked on was never completed.

I’m in demand probably because I’m at an odd skill level where I’m good enough to stand out from among the beginners, but I’m not yet good enough that a company would hire me or people not named Stripey would buy my full-color artbook if I made one. (Case in point: if I offered commissions for US $5 per hour, which is below Washington State minimum wage, none of my readers would be willing to pay.)

So people who think they have a project that suits my taste enough for me to work for free have started pitching their work to me. If they can offer me enough enjoyment such that it would be the only payment I need, then my skill is enough to make them happy. After I finish the Ravnica project (there are still two main characters left to design as well as one of the old characters who needs to be redesigned) I’ll have to decide which offer to accept, or whether I would just work on a project of my own creation.

But that’s not my concern right now, because finishing Miao Diary is my priority. I promise to repost Miao Diary in its entirety when I complete Chapter 4. There will be a preview and a release date announcement this Sunday, 15 February.

14 Responses to “Recovery report”

  1. Samu-kun says:

    It’s good you got your old pictures back, but they were going to charge you $75 an hour to recover your blog? Shesh… Capitalism is a harsh mistress, ain’t she?

  2. So, which WordPress plug-in are you considering for nightly server-stored and e-mailed back-ups?

  3. Sixten says:

    @Christopher: I’ll admit I didn’t consider backups before you asked, but since I’ve promised not to repeat mistakes, I went and found a means to backup. I don’t know about nightly scheduled backups, but since I post about once a week, a weekly, manually triggered backup should be fine. I got the WordPress database backup from Il Filosofo, and as of this writing the blog you see has been backed up and restored with phpMyAdmin as a test. As you can see, it’s like nothing happened.

  4. The number 1 priority is to figure out how the bastards got in, and to make sure they don’t do it again.

  5. Author says:

    I bet it’s an SQL injection of some kind. It’s one of big reasons I don’t have comments on my own blog.

    About backups, Ani-nouto, for instance, is backed with what amounts to mysqldump –add-drop-table | bzip2 (just to address Chris’ comment). I do not trust plug-ins, they often carry their own security issues with them.

    BTW, has nobody noticed that the lead picture has different, sam-width lines from usual? It cannot possibly be pencil.

  6. Sixten says:

    @Steven: Yeah, I think it was pretty stupid of me to wipe my WordPress folder and drop the hacked database without asking support to investigate the cause of the hack. Now I can’t get that information without paying for it. I’ll just have to assume that the hackers used an exploit in an old version of WordPress (which I did not update even once since I started the blog in 2007) and I should make backups and update WordPress regularly to stay safe. And even if I lose data again, the only things I really invest myself in are the drawings, and I can surely keep my files and originals safe.

    @Author: The picture at the top of the post was drawn directly in Photoshop as an experiment. It didn’t turn out so well. The straight lines were created using the Shift key + brush tool combination that allows you to create a line by clicking a start and end point.

  7. Ben says:

    Welcome back Sixten, good to see that the hack doesn’t look like it has discouraged you from keeping up with the blog in general. Really looking forward to the last part of Maio Diary 🙂

  8. And even if I lose data again, the only things I really invest myself in are the drawings, and I can surely keep my files and originals safe.

    There’s “customer good will”. When people have all their links to you die by link-rot, they’re less inclined to link to you in future. One time, it probably won’t matter. But if it keeps happening, you’re liable to fall off the radar. (I’m not threatening you, I’m just trying to point out something you may have overlooked.)

  9. Sixten says:

    @Steven: Stripey emailed me and said that he once lost his blog data but was too cheap to pay his host to restore it – and he regretted it later. I’ve already made up my mind not to get Heart’s Content back. But in keeping with my promise to not repeat the mistakes of the first time, here is another promise, should I get hacked again:

    1) I will not touch anything until my host at least tries to find out what vulnerability was exploited.

    2) Should I prove unable to restore from my weekly backups, I will pay my host for a restore from their backups.

    These are in addition to keeping WordPress up to date and continuing to back up (which I will do weekly, on Sunday evenings) from now on.

  10. Hinano says:

    Sorry to hear that although I can’t say that I don’t know what getting hacked/DDOS feels like. ^^; It’s good to start over sometimes…good luck with everything.

    p.s. join pixiv 😉

  11. “a weekly, manually triggered backup should be fine”

    This is almost asking for trouble. I can recommend a couple of WordPress plug-ins that I use (I use two, in case there’s a problem with one, which has happened due to my not setting permissions on a specific folder after the latest WordPress upgrade).

    Author makes a good point about plug-ins and security issues, so if you know how to handle it, I’d say a cron job to mysqldump/bzip2 (as per Author’s comment), and then e-mail a copy (it does no good to keep the back-ups on the same server if the server gets hacked and wiped out).

    If you can keep up the weekly back-ups, then I say more power to ya’ there. I know I’d never be able to remember it. If you miss just one back-up along the line, though, I’d consider looking into an automated solution.

  12. Sixten says:

    @Hinano: But Pixiv doesn’t have an English version. Why would I sign up for a site I can’t read?

  13. Hinano says:

    NOt being able to read Japanese doesn’t stop half my friends list from joining. Or I guess you’d rather stay at deviantfart where they encourage art theft and tracing.

    Ok, wakarimashita~

  14. renpytom says:

    (Case in point: if I offered commissions for US $5 per hour, which is below Washington State minimum wage, none of my readers would be willing to pay.)

    That may be true, but it’s also missing the point. When I commission art, it’s by the piece, not by the hour. I don’t know offhand if it would take you 30 minutes or 12 hours to finish a piece. Your best bet would be to set fixed prices, or at least negotiate a price per piece or set of pieces in advance.

    You also have the issue that your characters all look very young… even the adults… which limits the potential market when it comes to game art. This isn’t disqualifying by any means, but it does mean that projects appropriate to your style will be more rare.

Leave a Reply