Dear Members,
I wanted to provide further information on what exactly happened to cause the site to be compromised and the events that have been taking place over the past day or so.
It appears my own personal computer became infected by a virus; this was possibly picked up when I visited a food magazine website that I go to from time to time.
This particular virus searched my computer for any FTP programs installed. Most normal computer users do not have an FTP program installed; however, website owners usually do. FTP programs are used to upload and download website files.
http://en.wikipedia....ansfer_Protocol
Once the virus found the FTP program on my PC it grabbed my saved username and password giving the hacker free access to download files from the site, insert their malicious code and re-upload the files. They did this to almost every file on the site.
I was first notified by Charles C and Zeeshan who had come across the malicious authentication page when trying to post on the forums. As soon as I was notified I immediately took the website and forums offline.
Next I cleaned my PC of the infection with various antivirus and malware tools, changed my passwords for FTP (I do not leave them saved in the program now), and all of my other site admin and website control panel passwords.
I then uploaded a backup of the site from a couple of days ago. Fortunately the web hosts have an extremely good backup and security system.
I have now also subscribed to a monitoring service for the website which carries out regular scans of our site for malware and provides me with instant alerts of any malware activity such as file changes.
http://en.wikipedia.org/wiki/Malware
I have changed all of my passwords a second time.
I do not think we were targeted specifically and I’m not even sure what this virus was attempting to do. I attempted to make a test purchase through the store and everything worked fine with no redirects or anything. The only evidence of the hack was the authentication login when trying to make a post on the forums, and the only details to enter there would be a username and password, which in that case would just allow the hacker to post on the forums; unless of course they got hold of my login details.
The main purpose of this kind of attack is normally to propagate a virus onto visitors’ computers or to redirect visitors to malicious websites or to try and steal personal information such as credit card details. It appears none of these happened in this case. Maybe we caught it early enough.
In a funny kind of way, if the authentication page was not there maybe it would have gone undetected for a long time. This could have been catastrophic as Google would have found out quite quickly that our site was infected and we would have been blacklisted by them; in other words, we would have been dropped from their search results and many years of hard work would have been lost. It could have been the death of us or at the very least it would have been a major setback.
As a reminder, if anyone did enter their details into the authentication form please change your forums password immediately. As a further precaution I would advise any member who visited the site between the hours of Saturday 1.00 a.m. to Saturday 1.00 p.m. GMT to carry out a virus and malware scan of their computer.
If anyone has experienced anything out of the ordinary whilst browsing the site please let me know and I ask everyone to be vigilant and report anything that does not appear normal.
Apologies for any inconvenience caused.
Regards,
Simon