IndyPlanet and ComicsMonkey are proving to be far more difficult to clean than Ka-Blam was. We’re hoping to have IndyPlanet clean by close of business today. We’re optimistic about that, although in fairness we’ve been hoping to have it back up by close of business every day since Friday. We’re closer now than ever before though. All of the shopping cart related scripts are now clean and we’re focusing on the ancillary areas of the site (most of which are seldom ever accessed by site vistors).
And just by way of clarification … the areas of our domains that were manipulated during the hack were php scripts and html files only. The databases — which contain all of the user information, orders, etc. — are on a separate server and there was never any unauthorized access to them.
So some time in the early morning hours of Thursday our sites were hacked. We’re not sure how they got in or what they were really trying to accomplish other than cause mischief.
Which they did in abundance.
Thankfully — and luckily for us –they also seem to have been somewhat inept. They left their mark on EVERY php and html file on more than a dozen domains, but they also left a pretty obvious trail behind and it doesn’t appear they did any irreparable harm. Still, Thomas and I have both spent the entire day combing through file after file, line by line, deleting the malicious additions made to our code.
We’re still checking, but it appears that we’ve got Ka-Blam.com clean once again. You may still, however, see a malicious site warning from your browser. My understanding is that those can linger until lifted by the third parties that impose them. We’re looking into that now.
In the meantime, we do believe that Ka-Blam is clean once again but if you should come across an sql error please let us know.
IndyPlanet and ComicsMonkey are both still down. We’ll be working on cleaning those all weekend I’m sure. We apologize for the inconvenience and beg your patience.