As you may be aware, in the first week of November crafty-games.com was the target of a substantial and malicious hacking attempt which infected our website with malware, resulting in our site being blacklisted by Google (the “Red Screen of Death” you may have seen). In response to this attack, our team took immediate steps to quarantine the site, taking it offline and hiring Sitelock, a renowned internet security firm, to learn what happened, scour the malicious code from our database, and eliminate any remaining vulnerabilities.
After a week and a half of near-constant work alongside our security vendor, we have been declared completely virus- and malware-free by Google. We’ve determined what happened, taken steps to prevent future attacks, and are now looking ahead to what’s next.
- Our site was taken down by an attack called a SQL injection. This type of attack is caused by an automated program (“bot”) that scans for websites with a specific vulnerability in their software (theme, source code, plugins, etc.) and exploits that vulnerability to execute (“inject”) malicious code into the site’s database.
- The SQL injection only wrote code to the site’s database – it did not extract it. Per our security firm’s findings, no crafty-games.com user information or passwords were removed or compromised by this attack.
- Moreover, all credit card transactions through our website have always been handled through a third-party vendor or Paypal. No financial or customer information is or has ever been stored on crafty-games.com.
What Have You Done to Prevent Future Attacks?
We take the security of our site, and that of our users, very seriously. To address these issues, we have done the following:
- To address potential vulnerabilities within our site’s software, we have replaced our former site with this new, up-to-date, and far more secure one. What you see now is only the start of this transition – we are still purging old content from our server and will be bringing vital resources back online in the coming weeks, along with several new features (see below).
- We have purchased an aggressive scanning service from Sitelock to log and counteract any further bot activity on crafty-games.com. This software will be supplemented by a firewall in short order.
- We’ve also performed a long overdue upgrade of the Crafty Games forums. While the forums suffered no attacks, it was worth the extra effort to update our entire web presence. All forum data and user information was preserved in this transition.
Now that the new site is up, running, and secured against future incidents, we’re looking forward to a new and improved crafty-games.com! Some changes you’ll be seeing in the coming weeks:
- A new webstore with the entire catalog of Crafty Games products – In addition to offering all our print and digital products the store will have many new features, including website-exclusive product bundles, sales, and the ability to download your Crafty Games PDFs whenever you like!
- Easier navigation and access to resources – We’re purging much of our old and out-of-date content to make crafty-games.com sleeker and easier to use. Improved search, more current news, and less clutter will make it easier for you to find what you want, when you want it. This new content will come online as we complete various new sections of the site.
- More regular updates – The old site’s technical struggles made posting updates an odious task. With this new site and its features, we plan to make crafty-games.com a more current point for regular news and updates about all your favorite games – and new ones yet to come.
Lastly, we want to thank you, our faithful and supportive community, for your patience and understanding during this debacle. While we’re disappointed and tremendously stressed by this event, we believe the results have put the entire crafty-games.com site and community in a much better and more secure place. We look forward to hearing your thoughts, questions, and comments over on the new Crafty Games forums.
Thanks, and as always, Stay Crafty!
Alex and Pat