This has been a very challenging weekend for Jay, our very kind site Administrator.
Background:
ClassicCougarCommunity.Com got hacked. One of the plug ins we used to support uploading documents apparently had a security vulnerability. Some one exploited this vulnerability by uploading a PHP file that was labeled as a PDF. Once on the server, it would have allowed them to do lots of very bad things… The first thing it did was to give them Admin access using what we call the God password. By chance, Jay was doing a back up and noticed the rouge file. He immediately started the process to change the God password and while he was in the process, our hacker was busy trying to get in, and exceed the number of attempts before being shut out.
What is coming:
The main site was created using a content management system called Joomla. Over time the version we used has been superseded, and making the transition to the newer versions would have been costly and time consuming. Eventually,l Joomla stopped supporting our version which created the opportunity for security issues. While the vulnerability that got us hacked was not a Joomla problem, we can see the writing on the wall.
We changing the content management system to WordPress. Several things we able to do using Joomla are not available using WordPress. In particular, the gallery on the main site will not be transitioning. NOTE: The gallery on the FORUMS is not effected, and the forums should continue to function as always. If you have images that were stored there, and you need access to them let me or Jay know as we are saving the files, we just don’t have a good tool for moving them to Word Press.
The Documents section will be very different, and we think the new one will actually be much better. (this was the location of the vulnerability in the original site).
As many of you may know I am able to provide this site because I have other internet sites on the same server. As it turns out we had Denial of Service attacks on two of those sites as well, actually taking those sites down over the weekend. We have no idea why we are being targeted. We have block the IP addresses from which the attacks were generated, but we really have no idea if that will prove to be effective.
What we need:
First of all, your patience. I am sure when we begin bring ion the new pages that there will be lots of bumps in the road. Second, we need your feedback. IF you find problems, or just want to comment, let us hear it! I think that posting on the thread here will be the best way to handle this, as we can see if others are experiencing the same issues.
Thanks for reading all of that!