Happy Stitches

Keep your stitches smiling!

My favorite phrase: “There has been a security breach at …” August 10, 2016

Filed under: Computer Security,Guest Post,Uncategorized — codeandknit @ 16:35

There has, in fact, been a security breach at lucyneatby.com.

The sole reason I am only very upset, instead of utterly panicked, is because of a decision made before we even started on this website: we would only ask for registration information we needed. This was: An email address (username) to identify you for access to your Notebook, a phone number to contact you in case your email did not work, and a country name. We would not store any credit card or other such financial information.

The phone number, by the way, can be anything (111-111-1111 for instance) if you do not wish us to be able to phone you!


The Dirty Stuff

As I was doing a look-through of the files on our webhosting server yesterday, I noticed a file I did not recognize. It turned out to be malware. I then checked all the files that run the website and found one that had malicious code inserted. I deleted the file and uploaded a clean copy. So far, so good.

The next thing to do was to look at how this breach could have been accomplished. There were two ways that seemed likely: firstly, our password had been leaked somehow; secondly, there was bigger trouble affecting the entire server (the machine on which websites are hosted–ours being one of many on that server). Just because of the kind of things done, the second scenario appears more likely.


A Good Thing Gone Bad

Our webhosting company was originally quite good, and responsive to our support requests. They were bought out last year by a larger outfit. Response times for service complaints and website function issues have become slower than anything one would consider reasonable. Their responses have often been downright unhelpful, as though nobody there understands how this stuff works!

Their current setup does not allow me to inspect the server security settings, and also does not allow me to tighten up how our files can be accessed. Right now, anyone who has legitimate or illegitimate access to the server can view and mess with ALL the websites on that server. This means that even though I have uploaded clean files to run the website, this person could again break in if they have not lost interest. The upshot of this is that I have begun to search for a new hosting service, one that will allow for better controls and will let us have a virtual machine, ideally at a price a very small business can afford.

I totally understand now why people open up Etsy shops, instead of dealing with the pain of an eCommerce website. There is no such thing as ‘totally secure’.  ALL websites can be hacked, some more easily than others. The question is not one of if, but of when. (With a website, one must have a recovery plan and all the file backups.)


Possible Data Loss

As far as data loss is concerned, there is a possibility that the usernames (emails) and encrypted passwords were stolen.  Unless your lucyneatby.com password was also used for other websites (gmail? bank? …), this should not cause you any concern. I suspect the actual objective of the intruder was to get some juicy credit card numbers.

Even though the only data that could have been accessed was fairly benign, and could be found in a phone book or other public directory, how the scoundrels would use this is to try all the passwords and all the email addresses (using hacking software to eliminate any drudge-work),  and then see if any combinations will allow them access into other sites with more useful fruits than your cache of knitting patterns and videos.

If you have used your lucyneatby.com password on other sites, please go there and set a new password now.



Since I have no way of knowing whether our webhosting provider either knows or cares about what is going on (still no reply from them to my support ticket), there is always the possibility of other mischief.

So, be vigilant and do remember to check your credit card statements and watch out for phishing emails that pretend that an organization (that looks familiar to you) needs you to enter your password on their (faked) website! Those faked emails are getting so good that I have to look twice! In fact, this arrived just an hour ago in my mailbox—Subject:Confirmation of Credit Note of USD 500000.00 vide Credit Note ID 96423500—and the message text contains a link to a  well-faked website login page. If the amount had been something normal (say $5.00), I might have fallen for it, as it looks really good and purports to come from a business I deal with.


6 Responses to “My favorite phrase: “There has been a security breach at …””

  1. Penelope Kostick Says:

    Thanks for the info and thanks even more for being on top of it at your end. Life is hard enough for small businesses, hang in there, you’re doing great. I’d be lost without my Lucy Neatby website. These hackers are beneath contempt. May we all remain vigilant.

  2. Thank you for being vigilant!! We appreciate it!! And grrrrr re hosting…

  3. […] apologize for the unplanned security crisis that interrupted the peaceful progression of these […]

  4. bdk Says:

    I probably would have gone to the “utterly panicked”! Could there maybe be a more trusted web hosting company you could use?

    • codeandknit Says:

      “Utterly panicked” I reserve for:”OMG, there goes everybody’s credit card info, their SIN info, their mother’s banking info, credit-status info, their children’s birth certificates, etc.” 🙂
      The hosting company we are with used to be trusted, but were bought out by a larger, less service-oriented outfit a year or so ago. Moving a website with active databases is not an entirely trivial matter, and neither is finding a good host. We are certainly looking.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s