I’m posting another update on the malware issue. As of now, the site is clean, but we did have reports of a second wave of infections on Wednesday night. They didn’t last long (about 4 hours), and the server / site were scanned multiple times Wednesday and Thursday night (I closed the site temporarily Wednesday morning as scans were being performed).
At this point, the host has narrowed down the second attack to weaknesses in php. They and I have spent yesterday and today tightening security settings, and combing the code for security gaps and plugging them. If you notice the site acting strangely (especially if it gives you a “Forbidden” page, or if external images aren’t displaying), please let us know at email@example.com and we’ll fix it as soon as we can. There are a few larger changes that need to be made, and will require fairly extensive code rewrites, so I will update you when those are going out so you’ll understand if you see unusual error messages.
For now, the site is up. As a facebook poster mentioned, we feel it’s best to have it running and watch for further attacks as it sharpens our strategy on how to block them. If we kept the site offline, it would not be possible to determine where to focus our efforts to increase security. If you visit the site *please* ensure that your operating system is completely up to date and you have strong antivirus software installed. Things can change moment to moment. As mentioned, at this particular moment, the site is clean, and we are making changes throughout the course of the day to tighten security, but that does not guarantee there will not be a virus in the next moment. I know that’s not totally confidence inspiring, but it’s actually the case for any site you currently visit on the web. There are no guarantees of security on the internet, but please know that we are doing our best to make Hyena Cart as secure as we possibly can.
Also, note that more frequent updates are being made on the Facebook page.