Blend Swap Hacked!

So over the weekend we received notice from our host and Google that our site had been compromised. After further investigation we found that spammers were cloaking off our website. Upon finding this out we immediately took the site offline and started trying to fix the issue. This involved resetting admin passwords, resetting database usernames and passwords, a complete WordPress reinstall and turning off the site's more advanced features, including AJAX-dependent features like the download-serving scripts, which became broken for a reason still unknown to us.

We are also having issues with AJAX-run operations on the backend, which is why no new models have been published. We are working on first finding the vulnerability that was used in exploiting the site. After we have identified that and fixed it, we will start working on getting everything back up to running 100%. We don't have any reason to think any of your personal info was compromised in this attack, but we do recommend that you guys pick another password[*].

We have to admit that our expertise in this area is lacking, and Jonathan is asking for anyone with server knowledge and/or advanced knowledge of WordPress, PHP and MySQL security to drop us a line in the comments if you're willing to help us figure this out.

On a personal note, I want to apologize for the last couple of months. With server issues and now this, I know that your Blend Swap experience has probably not been great, and I am very sorry for that. We are working through some very serious growing pains because you are all so active with the site, which is great, but at the same time, this much activity pushes the server to its limits. I take complete responsibility for these issues and I apologize to all you guys.

We are working hard to give you the best experience on the site, and I know that hasn't been happening as smoothly as we'd like it to. I hope you guys bear with us as we try to alleviate these issues. Our goal is to make your experience here great. Period.

We will be updating our Twitter feed more often than the website with our progress. If you want to know what's going on, that will be the best way to get info quickly.

matthew/mofx

[*] To reset your password, first log out of Blend Swap; click the login button and then the blue "Lost your password?" button; you'll be taken to a single-field form asking for your email. Enter your email and submit the form; you'll receive an email with a verification link. Click on it and fill in the password fields the site presents you. The strength meter helps you determine how secure your password is. Choose a strong password.

Edited January 27, 2013 by mofx
