This website had been down for a while. It was blocked by some safe-surf services, as there was some suspicious code in the PHP files of the blog system, I was using.
Unfortunately, I had no time to deal with this issue earlier, as I'm quite busy with a number of projects. Here is what I did, finally.
- Getting rid of the old system. Apparently all PHP files were infected with malicious code. As all the information posts are stored in the data base, deleting the PHP files was no big deal.
- Migrating to a server supporting the latest WordPress version. I love WordPress. It's neat, easy to use, it's easy to customize ... And has some real advantages when used as a small scale CMS. It meets my expectations and needs exactly.
- Setting a mile-long FTP password using all kinds of special characters. There are scripts doing that for you. I added some own characters at random points to "beat" the randomization algorithm. This password will be changed at a regular base.
- I sat down and made a list of plug-ins and widgets, I need. These were installed. Not more, not less. I also tried to choose wisely by reading all the comments. If it was mentioned that this might contain malicious code, I didn't install.
- Monitoring. Apparently, google is one of the providers, who check for malicious code. Therefore, I use their webmaster tools to monitor my page. As soon as something fishy happens, I get a notice and can take action.