About a month ago, the BRC website was hacked. I first noticed it because my Amazon Web Services “instance” (the hosting arrangement) kept cutting out for excess CPU usage. At the time, I knew nothing about it and hadn’t put any analytics on the site.

To fix this, I had to dig into AWS, close down the instance, and restart the instance. When the hack was in play, load times on my site were measured in weeks. Still, I had great traffic for most of the day.

The AWS solution was to buy more CPU capacity, but something didn’t look right. I wiggled into the analytics and found out it was happening between 1-4 AM and that the CPU usage was rocketing right up. Still, AWS said, “Uhh, buy more CPU and it will handle the problem.”

I hired a guru through UpWork to look at it and he said, “Every night between 1-4 AM, bad actors are snatching your website and using it to host nefarious things.”

We made some changes and it got better by pieces. Still, AWS said, “Buy some more CPU, you rusty bucket of bolts.”

It took about three weeks and the consultant re-worked a bunch of things — server side things. Then, he noted that my site was SLOW.

I used GTMetrix to monitor my site and agreed. If you know GTMetrix, you will gag when I tell you that my PageSpeed Score was F- and my YSlow Score was also F-. My site was taking about 16 seconds to load.

Continue reading →