|
16 August 2008 SCB Website Under AttackDear SCB website visitor: As many of you may be aware, the SCB websites experienced unusual downtime over the last few weeks. Our websites are now live and available to serve you; however many pages are still offline and will not load correctly (you will see an error that reads " The filename, directory name, or volume label syntax is incorrect" -- we are aware of these problems. We wanted to follow up with an update on what caused this outage and what we are doing about it. We temporarily took our websites down after experiencing instability within our web pages. We soon learned that this instability was due to a SQL Injection attack. These types of attacks are known to exploit website vulnerabilities with the intent of distributing viruses and malware. While we do not have any specific evidence that malware or viruses were actually distributed, we strongly recommend a series of security measures listed below for anyone who uses the internet regularly. Recommended steps:
Our team is working diligently to promptly identify and fix this issue. We have now implemented a solution to examine all incoming traffic and reinforce our current defenses. We also instituted increased system monitoring and are pleased to report that our solution has remained effective. Going forward, we are engaging outside experts for a security assessment to ensure we can be as proactive as possible in fending off these types of attacks and others. We take this issue, and your security, very seriously. If we can answer any questions, please write to us at webmaster@conbio.org. We apologize for this inconvenience and are working diligently to bring all SCB resources back online. Best wishes, Alan D Thornhill, SCB Executive Director |