We’ve Been Hacked!

Yesterday we did not post an article on to the site which is not like us as we always attempt to post one every single day. The reason for this is that we identified that both Aquarists Online and Aqua Compare had been hacked.

We noticed on Sunday morning that traffic to these sites was considerably less than it is normally. At first it was perceived that this might be just one of those things however on closer inspection we were getting about 5% of what we normally receive!

This alerted us to the fact that something must be wrong. The logs were trawled through to try and work out what whas wrong and eventually it was noticed that some files had been modified and looking at the time stamp on the relevant files they were that morning which was strange as nothing had been done on the site.

Upon looking at the files some strange lines of code had been added which basically appeared to be attempting to redirect any traffic from search engines etc to another site. Looking at the logs though it looks like the redirection was not working as an exception error was being reported.

The offending lines were removed and we thought that this was the end of. A couple of hours later the lines were back which was strange as according to the permissions on the files they should not be able to be modified. At this point the lines were again removed and our hosting company engaged. They investigated the problem and found some security holes somewhere on the system – I am not sure if these are security holes on the server on in the website code. I am presuming the first one as both Aqua Compare and Aquarists Online were effected.

Anyway the hosting company has removed these holes and also implemented new protective firewalls on to the server so touch wood this should not happen again.

We have checked all of Aquarists Online and are not able to see any adverse effects however some areas of Aqua Compare are not working as expected so we made the decision to upgrade the software behind the site as a new version had been released. This is under way and the site will be back to full operation soon.

I really do not know why people do this type of thing. Perhaps they are trying to steal other peoples traffic or perhaps they are doing it out of spite. I don’t know but it really annoyed us. After all we do not hold any personal information, any credit card information etc. We are simply a website who are trying to provide a service to other aquarists all over the world.

I have to admit that a few times throughout the day I thought to myself – ‘why do we bother when this type of thing happens’ – to be honest the language was a bit stronger but you get the point.

Anyway that thought did not last for long – we are back and hopefully this will not happen again.

Apologies to our readers for the inconvenience caused by this.