Home page
  Home Page   Contact Us   Our History   Advertise with Us   Sponsor List   Link to Us   Compare Levels   Member Agreement   Privacy Policy   About C4VR
  Community Forums   Active Threads   Forum Search   Top Posters List   Private Messenger   C4VR Email System
  Members Vettes & Pictures   Member Stories   Member Stats   Real Time Member Map   Member Search   Member Calendar Entry Form   Who's Online
  C4 Registry Data   C4 Corvette Statistics   C4 Corvette Tips & Tricks   C4 Corvette How-Tos   Corvette Club Listing   Corvette Event Listing   Mechanic Directory   Corvette VIN Decoder   Save the Wave   Corvette Emblem History
  C4 Corvette Parts Auctions on eBay   Corvette Books   C4VR Member Name Badges   C4VR In-Stock Apparel & Accessories   C4VR Custom Apparel & Accessories @ Zazzle   C4VR Window Stickers   C4VR Member Calendars   Shop Amazon.com
SPONSOR AD

Support our Vendors!  |  Advertise Here

Topic: VIRUS on C4VR 14-Jul-2009: PLEASE READ

in Forum: Official C4 Vette Registry News and Information


Already a Member?
Login
Not yet a Member?
Register for Free!

New Topic New Topic
Post Reply Reply
New Poll New Poll
Search Search
Hide Signatures
VIRUS on C4VR 14-Jul-2009: PLEASE READ (1/1)
 7/14/09 11:19pm
Adam Wartell
Standard Member
C4VR Founder
Send Private Message

Eagleville, PA - USA

Vette(s):
1979 Corvette Red T-Top

Joined: 3/18/2009
Posts: 4809

Attention All Members:

Either a human, or more likely a computer program, infiltrated this site (and the other VR sites plus TopVetteSites.com and CorvetteClothing.com) tonight around 6:30pm ET, 7/14/2009 using a method called "SQL Injection"

It was done very cleverly, unfortunately, which allowed the attack to work.

What this attack did was update almost every record in every table in the database to include a piece of code that caused a virus to be downloaded to the computer of anyone browsing the site.  If you came to any of the above listed sites after the attack occurred, if you had good virus protection installed and running at the time (like I do) you were likely alerted to the issue and not affected by it.  However if you were unprotected your computer may be infected and you should immediately run a virus scanner on your system.  If you don't have one, I can recommend "avast!" They have a FREE version for home use.  You can download it here:
http://avast.com/eng/download-avast-home.html

Unfortunately, the attack was so severe that I had to restore the database from a backup that was made at 2am ET this morning, 7/14/2009.  That means that anything anyone has done on any of the sites since then is gone.  If you posted any messages or made any changes to anything on the site since that time, it is gone and you'll have to repost messages and redo those changes.

As for going forward, I have made changes to the site code and the database security settings that should prevent this type of attack from occurring again.  On the bright side, the last time we had a problem with the database and I had to restore a previous version, the version was much older than 16 hours!  After that incident I put a process in place to backup the database daily at 2am ET so the most we'd lose is 24 hours of updates.

Please accept my apologies for any inconvenience this may have cause you and know that I regret not being better protected.

Also, please note that your private information was NOT compromised.  This was an attack to UPDATE the database, not READ it.

Thank you for your continued support.
Reply Reply
Quote Reply w/Quote
Our Sponsors help support C4VR