Topic: VIRUS on C6VR 14-Jul-2009: PLEASE READ
in Forum: Official C6 Vette Registry News and Information
Already a Member?
Click Here to Login
Not yet a Member?
Click Here to Register for Free!
Standard Member
C6VR Founder
Send PM
C6VR Founder
Eagleville, PA - USA
Joined: 5/16/2003
Posts: 3431
Vette(s): 1979 "Corvette Red" Coupe
Attention All Members:
Either a human, or more likely a computer program, infiltrated this site (and the other VR sites plus TopVetteSites.com and CorvetteClothing.com) tonight around 6:30pm ET, 7/14/2009 using a method called "SQL Injection"
It was done very cleverly, unfortunately, which allowed the attack to work.
What this attack did was update almost every record in every table in the database to include a piece of code that caused a virus to be downloaded to the computer of anyone browsing the site. If you came to any of the above listed sites after the attack occurred, if you had good virus protection installed and running at the time (like I do) you were likely alerted to the issue and not affected by it. However if you were unprotected your computer may be infected and you should immediately run a virus scanner on your system. If you don't have one, I can recommend "avast!" They have a FREE version for home use. You can download it here:
http://avast.com/eng/download-avast-home.html
Unfortunately, the attack was so severe that I had to restore the database from a backup that was made at 2am ET this morning, 7/14/2009. That means that anything anyone has done on any of the sites since then is gone. If you posted any messages or made any changes to anything on the site since that time, it is gone and you'll have to repost messages and redo those changes.
As for going forward, I have made changes to the site code and the database security settings that should prevent this type of attack from occurring again. On the bright side, the last time we had a problem with the database and I had to restore a previous version, the version was much older than 16 hours! After that incident I put a process in place to backup the database daily at 2am ET so the most we'd lose is 24 hours of updates.
Please accept my apologies for any inconvenience this may have cause you and know that I regret not being better protected.
Also, please note that your private information was NOT compromised. This was an attack to UPDATE the database, not READ it.
Thank you for your continued support.
Either a human, or more likely a computer program, infiltrated this site (and the other VR sites plus TopVetteSites.com and CorvetteClothing.com) tonight around 6:30pm ET, 7/14/2009 using a method called "SQL Injection"
It was done very cleverly, unfortunately, which allowed the attack to work.
What this attack did was update almost every record in every table in the database to include a piece of code that caused a virus to be downloaded to the computer of anyone browsing the site. If you came to any of the above listed sites after the attack occurred, if you had good virus protection installed and running at the time (like I do) you were likely alerted to the issue and not affected by it. However if you were unprotected your computer may be infected and you should immediately run a virus scanner on your system. If you don't have one, I can recommend "avast!" They have a FREE version for home use. You can download it here:
http://avast.com/eng/download-avast-home.html
Unfortunately, the attack was so severe that I had to restore the database from a backup that was made at 2am ET this morning, 7/14/2009. That means that anything anyone has done on any of the sites since then is gone. If you posted any messages or made any changes to anything on the site since that time, it is gone and you'll have to repost messages and redo those changes.
As for going forward, I have made changes to the site code and the database security settings that should prevent this type of attack from occurring again. On the bright side, the last time we had a problem with the database and I had to restore a previous version, the version was much older than 16 hours! After that incident I put a process in place to backup the database daily at 2am ET so the most we'd lose is 24 hours of updates.
Please accept my apologies for any inconvenience this may have cause you and know that I regret not being better protected.
Also, please note that your private information was NOT compromised. This was an attack to UPDATE the database, not READ it.
Thank you for your continued support.
in Forum: Official C6 Vette Registry News and Information
SPONSOR AD: (Our Sponsors help support C6VR)