3.0 Outage Due to SQL Injection
July 31st, 2008 by AnnaIn the wee hours of the morning* On the evening of 7/30 a SQL Injection attack occured with our involving a portion of our 3.0 websites. We have found the point of entry and have properly patched it.
The attack caused 3.0 websites to load as a blank screen due to meta tags and/or script tags not being properly formatted/closed.
You have not lost your site or data within you site. The data affected was on 3.0 websites with custom meta tags, and/or custom scripts. We are working to restore the meta tag information from a backup that was created last night. You may need to re-edit/create Custom Meta tag changes made since last night or Scripts you had us add for you since then.
In the meantime, for sites with Custom meta tags or Script which are not loading, manually editing the Meta Tags and Scripts section and checking to make sure that the data is formatted correctly and has all necessary tags and brackets will resolve the issue of “site not loading”. Contact us so we can assist you with this if your site is not loading properly.
Please call us at 866-518-1571 for assistance.
*[Post updated to correct time of incident and which sites were affected]
My site went down last night - about 8pm on the left coast.
It is now nearly 1pm EDT the next day and my http://www.PinehurstListing.com / Pinehurst Real Estate site is still not working properly.
I have http://www.ARES-S.com with a 401 to the http://www.PinehurstListings.com site and it returns that it can not find the site.
When my http://www.PinehurstListings.com does come up it has no color on the homepage - who knows what else is not working.
Good Luck - SQL attack? That can be traced, we’ll see what happens next time.
Don
July 31st, 2008
The AA Blog indicates the virus was introduced in “wee hours of the morning”. Actually, when I arrived home and opened our AA site (www.ireneandjim.com ) at around 7:00PM last evening, we immediately got a message from Windows Live One Care (my anti-virus program) that a Trojan Horse had been introduced by a site (my site) that had just opened. We clicked on the OK “clean/remove/quarantine” button, and Live One Care removed, cleansed or quarantined the virus from my PC. Just to be sure, I closed http://www.ireneandjim.com and re-opened it and got the Trojan Horse virus message all over again. I then checked another site on AA and got the Live One Care message again that the Trojan Horse virus had been introduced to my PC. All this was about 7:00 PM PDT (California time), last evening (Wednesday, 7/30).
Then this morning Thursday, 7/31, 5:30 AM PDT, I tried to open http://www.ireneandjim.com . The site did not open. Instead, I got a blank page with “site cannot be found” message in the upper left hand corner. I checked many other AA sites and got the same results: sites would not open and “site cannot be found” message. Shortly thereafter, I emailed you to notify you of the problem.
Many house hunting consumers are on AA client sites in the evening looking for properties, etc. Many undoubtedly got the Trojan Horse yesterday evening from hundreds or even thousands of AA client sites. If they were smart, the consumers closed the sites immediately (just as we did with our own site), for fear of getting the Trojan Horse virus on their PC. This is not good for the credibility of the sites, the AA client agents or for AA.
I suggest that AA establish a special procedure for such situations in the future. The procedure would call of a special email address and a duty officer for such problems which may occur when AA is closed. Then when an AA client first notices such a problem when AA is closed, the AA client can alert AA (via the special email address). The duty officer would automatically be alerted as soon as the problem is first noticed. The duty officer can go on line to confirm whether it is a valid problem or not. If it is indeed a virus or worm or other such serious problem, the problem can be addressed right away rather than the next morning.
Irene
Irene Chandler and Jim Shultz
858-775-6782
http://www.ireneandjim.com
buylajolla@aol.com
Irene Chandler
July 31st, 2008
Check now Don http://www.pinehurstlistings.com/
I got your custom metas and your CSS from the cache of your site and updated it. It appears correct to me now.
Anna
July 31st, 2008
http://www.JoelHawk.com is still down…:(
Joel Hawk
July 31st, 2008
Mine has been down the whole day. called twice- Marco- was put on hold for 10 mins. Called back & Charlie told me the problem was with ther servers. could be fixed in 10 mins or take 1-2 hrs.
My sit eis still down & this seems to regularly happen to 3.0 users, who BTW have been waiting for the 4.0 for over a year.
There is no mention of this problem on the outgoing mssg for customer service or on the website.
Is it time for us to leave to other providers like Point 2 who can provide reliable service ?
I feel like I’ve overstayed my 5 yr terms of being with AA.
Shalu Thaman
July 31st, 2008
Hi Joel, you should be up and running now
Anna
August 1st, 2008
Hello Irene!
We indeed have a system in place that alerts the on-call personnel cell phones and email addresses. Our IT and Software teams were immediately notified at the time of attack the night before my post. And were immediately “on the job”.
At the time of my post I was under the impression the incident was in the early am, but had been notified later that it began the night before and did not have a chance to edit my post. That is my non-IT person error, but I can tell you that our IT and software teams were on the job immediately.
Anna
August 1st, 2008
We did not have a message on our Support line as not all of our clients were affected. This issue was isolated to a portion of our 3.0 websites.
In addition to the majority of our 3.0 sites being unaffected, our 4.0 and 1.0 sites and associated programs were not involved in the attack.
This blog is our source of news and is part of our website. You can always check here for any Advanced Access information.
Anna
August 1st, 2008