Another update on malware issue

Hi everyone,

I’m posting another update on the malware issue. As of now, the site is clean, but we did have reports of a second wave of infections on Wednesday night. They didn’t last long (about 4 hours), and the server / site were scanned multiple times Wednesday and Thursday night (I closed the site temporarily Wednesday morning as scans were being performed).

At this point, the host has narrowed down the second attack to weaknesses in php. They and I have spent yesterday and today tightening security settings, and combing the code for security gaps and plugging them. If you notice the site acting strangely (especially if it gives you a “Forbidden” page, or if external images aren’t displaying), please let us know at support@hyenacart.com and we’ll fix it as soon as we can. There are a few larger changes that need to be made, and will require fairly extensive code rewrites, so I will update you when those are going out so you’ll understand if you see unusual error messages.

For now, the site is up. As a facebook poster mentioned, we feel it’s best to have it running and watch for further attacks as it sharpens our strategy on how to block them. If we kept the site offline, it would not be possible to determine where to focus our efforts to increase security. If you visit the site *please* ensure that your operating system is completely up to date and you have strong antivirus software installed. Things can change moment to moment. As mentioned, at this particular moment, the site is clean, and we are making changes throughout the course of the day to tighten security, but that does not guarantee there will not be a virus in the next moment. I know that’s not totally confidence inspiring, but it’s actually the case for any site you currently visit on the web. There are no guarantees of security on the internet, but please know that we are doing our best to make Hyena Cart as secure as we possibly can.

Also, note that more frequent updates are being made on the Facebook page.

2 Replies to “Another update on malware issue”

  1. Oh no! But I am about to stock my first real stocking and I need customers on here! My rent is about to be due 🙁 Did you get my email? I tried to tell you that blocking that IP address would be pointless because hackers usually just attack again with a different one via a different route. My husband is a computer tech (for all areas) and would be able to get this taken care of. Also, with you posting about ‘how’ it’s being addressed, I would think the hacker would change it’s tactics to go around that. So you probably shouldn’t post about how it’s being done, just that it is to be safe. I have just seen this SOOO many times(I have gone on a lot of jobs with hubby before) Anyway, as I said before, even if you don’t use my hubs, you should get a private technician that is really good since you have such a big thing going here with all these people counting on your sight to get their bills paid. It’s very important. Just a side note, my hubby will beat ANY price you can find.

Leave a Reply

Your email address will not be published. Required fields are marked *