July 23 Update

Hi all,

Just wanted to give you another update on the status of the server. We had some downtime on Saturday night due to a denial-of-service attack on the host. There was no breach of our databases or information, or risk to users’ computers, but the site was unavailable for about an hour and a half. The host has put measures in place to prevent this from happening in the future.

As it happens, the malware issue last week also affected more than one server in our host’s facility. I honestly don’t know if this is just a string of bad luck for the host or a more deliberate attack on their system, but they and I have been taking the server’s and site’s security to a much higher level.

Thanks for your patience as we work through these issues. We will continue to work with the host to increase security and, at the same time, will do research into alternate hosts. Changing hosts isn’t a trivial move and would likely need a few days’ downtime, so it’s not something to be done lightly. Additionally, no host is invulnerable, so switching hosts wouldn’t be a guarantee of 100% uptime or an end to all malware attacks.

I won’t be making any other major changes to the site in the next few weeks, so we should be in a relatively stable state. That said, if you are experiencing any issues with Forbidden page errors or anything else (e.g., one of our security measures broke the Facebook app, but that’s fixed now), please let us know at the helpdesk: support@hyenacart.com

ETA ~ steps we’ve taken so far to increase security include hardening PHP in various ways (disabling unneeded functions, changing other PHP settings), using files on the server to prevent certain types of attacks (hence the Forbidden pages that pop up sometimes — again, let me know if they are coming up in error), installation of a cron job to constantly monitor for malware, and router-level prevention of denial-of-service attacks. Future steps include more extensive modification of the code to deter hackers, as well as the hiring of a security professional to examine the entire site for vulnerabilities.

Thanks again for your understanding!

3 Replies to “July 23 Update”

  1. Whatever you do, please get this taken care of. I really need my store! I’m worried that this keeps happening because there is another type of denial-of-service attack I’m afraid of. Here is an explanation of what it is and what this jerk can do if you are not prepared:
    A permanent denial-of-service (PDoS), also known loosely as phlashing,[9] is an attack that damages a system so badly that it requires replacement or reinstallation of hardware.[10] Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim’s hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device’s firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as flashing. This therefore “bricks” the device, rendering it unusable for its original purpose until it can be repaired or replaced.
    The PDoS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard’s Systems Security Lab) used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London.[11]

  2. Also, please check your computers for rootkits. The hacker could have implanted these into your computer or the server and the attacks can be coming straight from that without the hacker having to do anything. Don’t use Norton or McAfee; they won’t detect everything and can be used themselves as viruses. I suggest trying HouseCall (trendmicro.com) and Malwarebytes (malwarebytes.org) together, and if you still don’t find anything, use Rootkit Buster (also trendmicro.com). They are all free but they are the best free cleanup tools you can get.
