Website Issue and Security
Discussions (Serious & Trans in the Media) 5 replies 0 likes 0 votes 7 viewsOn Monday, 24th June, we had some website issues, with some users randomly experiencing freezing (time-out) issues. On initial investigation, it was established that security on the server had kicked in, but we were not immediately able to ascertain why. At roughly the same time, we were made aware of further hacking attempts to reset passwords, so the starting working assumption was that these were linked.
Over the last 24 hours, I’ve been working with the hosting provider (WebMate) and Vibralogix (who provide some of the plug-ins used on the site). Our primary concern was security and then fixing the issue.
It turns out the website issue and the password hacking attempts are not linked. Last week, we started transferring files from the previous website host. As part of that process, I made some adjustments to the website. Six days ago, I uploaded a file that contained a small error in the code - this code runs in certain circumstances and was triggered on Monday morning. The security software mistook my “poor” code as a potential attack and stopped it from running, leading to the issues we experienced. My apologies - it was my mistake: a missed typo! I’m grateful to Adrian (from Vibralogix), who ultimately found the error.
Now that the error has been located, it confirms that there was no direct attack on the server and that all data is safe.
However, regular attacks continue, with attempts to impersonate users, login, and reset passwords. All these attacks have failed because of the extra security we employ. Please continue to be extra cautious.
Sadly, while transferring files from the previous host, we found a few files containing malware. We immediately removed these.
If you are experiencing any ongoing issues, please let me know ASAP. Thank you.