I lack other ideas currently, so I'll just type out some things that went wrong and what I learned from them. Here to learn, after all.
The other day, while I was logged in on the server, I somehow managed to kill the GUI on my laptop, hence lost my ssh connection. When I reconnected and evoked who, the lost session still showed up. I felt a little uneasy with that, so I tried to find out how to handle this. Reconnecting turned out not to be possible, so I had to kill it.
$ ps -aux | grep ssh | grep gauntlet listed all ssh processes I started. Comparing the output with that of $ who with special regards to the pts number and the time I found the PID of the lost process and ended it using $ kill -9 PID.
When I redesigned my index.html I embedded two image files, one of which did not show up in the browser, falling back to the alternative text. After double checking the path to the file and making sure the file was actually on the server, I took a look at the access permissions and noticed that the file was rw only for me. Using chmod I allowed others to read the file and the webserver (which, on UNIX-like systems, is treated as a user itself) had the rights to read and display it.
When I'm writing scripts on my laptop, I usually use $ chmod +x file to make stuff executable. When I wrote my online-counter I did the same -- on the server. One or two days after it came to mind that anyone could execute the scripts and mess with the outcome. Nobody did and I did not expect anyone to, but it did not occur to me that security is relevant in other ways here than on my own machine at first.