Just wanted to give you another update on the status of the server. We had some down time on Saturday night due to a denial-of-service attack on the host. There was no breach of our databases or information, or risk to users’ computers, but the site was unavailable for about an hour and a half. The host has put measures in place to prevent this from happening in the future.
As it happens, the malware issue last week also affected more than one server in our host’s facility. I honestly don’t know if this is just a string of bad luck for the host or a more deliberate attack on their system, but they and I have been taking the server’s and site’s security to a much higher level.
Thanks for your patience as we work through these issues. We will continue to work with the host to increase security and, at the same time, will do research into alternate hosts. Changing hosts isn’t a trivial move and would likely need a few days’ downtime, so it’s not something to be done lightly. Additionally, no host is invulnerable, so switching hosts wouldn’t be a guarantee of 100% uptime or an end to all malware attacks.
I won’t be making any other major changes to the site in the next few weeks, so we should be in a relatively stable state. That said, if you are experiencing any issues with Forbidden page errors or anything else (e.g., one of our security measures broke the facebook app, but that’s fixed now), please let us know at the helpdesk: firstname.lastname@example.org
ETA ~ steps we’ve taken so far to increase security include hardening PHP in various ways (disabling unneeded functions, changing other PHP settings), using files on the server to prevent certain types of attacks (hence the Forbidden pages that pop up sometimes — again, let me know if they are coming up in error), installation of a cron job to constantly monitor for malware, and router level prevention of denial-of-service attacks. Future steps include more extensive modification of the code to deter hackers, as well as the hiring of a security professional to examine the entire site for vulnerabilities.
Thanks again for your understanding!