HarrisonWest.org Hacked!

You may have noticed that the Harrison West Website was down from December 23, 2011 until January 1, 2012. We decided to take the site down because of a number of technical issues that arose after the site was hacked, including the discovery of a virus that infected the computers of site visitors. (If you visited the site between December 18 and December 23, 2011, please check your computer for viruses.)

On December 20, 2011, a user reported the sudden and mysterious appearance on our site of ads for various prescription medications. We knew immediately that we had been hacked, but it looked like simply changing our access passwords solved the problem. The ads did go away, but we then got a report of a virus that may have damaged the operating system on another user’s computer. We confirmed that visiting the site could lead to an infection, but we couldn’t find any virus files actually on the site that could be responsible.

Our ISP suggested that we upgrade the software we were using on our site and remove any software that we were no longer using. Doing so would plug any vulnerabilities that the virus might be exploiting to turn our site into a conduit for infection. That’s when the fun began. We discovered a large amount of data from previous iterations of the site and began removing it. We didn’t know, though, that our site was cross-linked with one of the old directories, so when we deleted it, we actually deleted the entire site. Fortunately, we were able to resurrect it from a backup and correct the cross-link.

Once we pruned the old content from the site and fixed the cross-links, we attempted to upgrade the software. Despite our best efforts, though, none of the outdated software would update. By December 23 we’d made no progress, and our holiday travel plans dictated that we would have to give up for a couple days. We decided to down the site rather than risk other users getting infected.

In the week between Christmas and New Years, we installed fresh, updated versions of all of our software and migrated our content from the old installation to the new one. After a few tricky hours of correcting hyperlinks and SQL databases and grooming the list of users, we removed the damaged site and transferred the rebuild to it’s new home.

As of January 1, 2012, the site was largely back to normal. We’re still monitoring the site for issues we may have missed—broken links and so on—and are cleaning up a bit of the formatting. If you come across any problems on the site, don’t hesitate to e-mail us at communication@harrisonwest.org.

We’re sorry for any inconvenience that we may have caused by downing the site, but we feel it was the safest course of action, and we’re grateful for your patience while we secured and cleaned up the site. If you accessed the site between December 18 and December 23, 2011, you should scan your hard drive for viruses.

Twitter Digg Delicious Stumbleupon Technorati Facebook Email

No comments yet... Be the first to leave a reply!

Leave a Reply

You must be logged in to post a comment.