Webmaster (Craig Steffen)
Thanks to the hosts for this year’s conference! Thanks for everyone who volunteered for the February 20 Zoom shakedown test. The conference is better for all of you. Thanks for everyone who’s attending.
Executive Summary: Web site got hacked again. However, our hosting company was great, and shut down the site immediately. Webmaster had to scramble a bit to get the site repopulated, to get registration set up, and then that failed, and then get a different registration set up again. People were able to register, at no point was any actual financial information in danger. The end result is the webmaster has had kind of a yucky week, but we are in a much better position website-wise then we were two weeks ago. And all the work for the virtual conference was finished and tested two weeks ago, so the conference is full speed ahead.
Long version: We got hacked. I don’t know how it happened. It’s possible that it’s because the Square (credit card payment company) library went out of support in June of 2020 and I hadn’t realized that.
When the web site got hacked a couple of years ago, it’s not not entirely clear who did what. It’s possible that the site was broken into by outside forces. It’s also possible that our host themselves was injecting the hostile traffic themselves in order to sell us expensive security services. In any case, they were super-unhelpful and wouldn’t just delete the site so that we could rebuild it. That’s why we dumped them. It’s possible there was a hostile intrusion, or also possible that the host was just scamming us. This recent hack was definitely from outside, and definitely had hostile intent. It’s not clear if they were interested in financial information we had; it’s entirely possible they just wanted to use us as a host to spread malware. The host company shut it down *really* fast; it’s possible that the site served zero malware.
Our internet hosting comany, inmotionhosting.com, was great. They pulled the site and isolated the files, and sent us an email. I don’t check the KPA email address every day, so the first I knew of it was someone pinging me over email saying they couldn’t register. Inmotionhosting’s chat support was super-helpful and responsive. We got a web site back up in a few hours, then I had to try to get registration up. To do this, we completely re-installed WordPress from scratch. While doing so we added several security features. All accounts logging into the WordPress admin now have 2-factor authentication. We have ssl on all pages. We will set all the modules to auto-update.
After getting the basic site up, I tried to put back up the old registration system (carefully checked to make sure the files didn’t contain any of the hostile code). Because Square’s library had expired last June, I pulled in the new version of their library, which I couldn’t make work, after working on it for like a day and a half. When things settle down, I’m going to spend some time making sure that they know that their current library for working with php is just broken.
After that failure, I decided I would just use a WordPress module that worked with Square payments to do the registration. I spent time and $49 to buy the forms from “WP EasyPay”. I set up a registration with that, that seemed to work, and I know one person successfully used it. Working with another programmer, I figured out a way to make the form better, so I made a couple of tweaks, and left it. Unfortunately, somehow, that made the forms not work , and credit card payment always froze and never completed. I tried to fix it several ways, including completely removing WP EasyPay form the site and reinstalling it. It never worked again. I’m going to try to get the $49 refunded.
So the week immediately proceeding the conference, I set up yet another registration form with a different form system called “wooCommerce”. That’s much more complicated, but it’s worked consistently. So that registration is up and so far it seems to be registering people successfully. While I would have rather not had to deal with all of this in a hurry right before the conference, the net result is that the web site is far more secure now, we have a lot more knowledge about registration system based on readily available components (rather than the hand-crafted registration system we’d been using before). This is good for year-to-year continuity, and for security, especially for the prospect of me handing off webmaster duties to someone in the future who’s not a programmer. That’s possible at this point, whereas it wasn’t a month ago.
The really good news amongst all of this is that more than a month ago, we’d gathered a group of people to be in charge of the sessions at the virtual conference, and we’d set up procedures, and trained people on those procedures, and had an all-up test on February 20th where we had mock sessions and everything worked as expected, and we got to tweak our instructions and documentation. Thanks to everyone who participated in the testing day. That definitely helped the conference run more smoothly. And that was all done before the web site problems, so we didn’t have to be doing final prop for the virtual conference while dealing with registration, because the prep was already done.
If you have any questions, please feel free to contact the webmaster at firstname.lastname@example.org
Treasurer’s Report (Shayne Confer)
- * We are solvent and our finances are stable; more details below if you are interested, but we have essentially held steady since 2019.
- * There are no costs associated with KPR this year.
- * I will repeat the concluding question of David Powell’s Treasure’s Report from last March: does anyone know anything about a CD that accrued $62.96 this year? More specifically, does anyone know our tax status regarding interest income accrued from said CD? If you have information on either item, please contact me at email@example.com
Balances as of last statement:
Checking: 2780.47 (-1497.57 from last year at this time)*
Savings: 7159.96 (+7.17)
*Last year’s checking account appears swollen because it included the registration and banquet fees paid to attend last year’s conference but had yet to deduct the biggest expenses of the conference; the entirety of our expenses since that report was the catering bill at Campbellsville and the cost of the KPA website. Our current balance does NOT include the registration fees we have collected for this year’s conference, nor the minor costs we have incurred, as neither of those are final as of my writing on March 1; however, we seem likely to come out ahead by around $200, give or take. That will plant us right around the $2900 mark, which is almost exactly where we were at this point in 2019.
KPR Editor’s Report (Karen Taylor)
The past year’s change in submission guidelines, which allowed any person who presented at the conference to submit their work to the Editorial Board for consideration seems to have worked quite well. We had more submissions than would have been yielded by the “Best of Session” approach, and papers were read and edited by KPA members who were more closely tied to the authors’ fields than used to be the case when the session moderators controlled the first level of submission. As a consequence, the number of articles and creative works in the journal has increased and quality has not been sacrificed. We will continue to use this open submission approach for the foreseeable future.
Earlier this year, the Executive Board agreed on a modified version of the Kentucky Philological Review due to the pandemic and the fact that we would not be able to hand out physical copies of the KPR at our annual meeting.
Exceptionally, Volume 35 (which includes the Presidential Address, critical papers and creative work from the March 6-7 2020 conference at Campbellsville University is currently published on our website in PDF format, so that contributors have a way to access and reference their published work this year.
Next year a double, paper version of Volumes 35 and 36 (the latter containing the Presidential Address, critical papers and creative work from the March 6 2021 online conference Hosted by Lincoln Memorial University) will be published and distributed in person at our 2022 conference.
This means that there are no costs associated with the KRP for this fiscal year.
Many thanks to the Editorial Board members who did a fantastic job during such a difficult year, to the contributors who submitted and edited their work in such a timely fashion, and to Jalyn and Olyvia, my editorial assistants, who worked long and hard during the academic year, and also over the winter break.