Clicky Web Analytics

Wednesday, April 6, 2011

RevitCity.com is back... For now?

I received the same email Luke received and many of you may have... Looks like RevitCity.com is back up and running now though...

Dear RevitCity.com User,

Recently RevitCity.com was the victim of a hacker who was able to successfully bypass the security measures we had in place.  After discovering this security breach, we moved as quickly as possible to isolate and contain the problem.   In order to best protect the server from additional harm and perform a full security examination, it was necessary to temporarily take RevitCity offline.

In order to protect your own privacy, it is always a good idea to change your password as frequently as possible.  Although all passwords are protected using an advanced one-way encryption method, it is technically possible that your password was compromised during the security breach, especially if the password is a word that can be found in the dictionary.  Therefore, we encourage you to change your password as soon as possible.  You may change your password by logging in, and then clicking “Edit User Profile” under Member Options.  Alternatively, you may elect to have a randomly generated new password sent to you by going to:  http://www.RevitCity.com/forgotpassword.php

Despite our best efforts to protect the RevitCity.com community from this kind of attack, it nevertheless is a common risk we take by providing a valuable sharing platform, and you take by becoming a member.  Although we cannot guarantee that this will not happen again, we have made extensive security upgrades to the system.

We are amazed at the resiliency and support of our members who, during the short time the website was down, began helping each other on our Facebook page.  For this reason we endeavor to keep RevitCity.com running well into the future.

All the best,
Hiroshi & Jeremy Jacobs

Additionally, there was a new Forum post over at RevitCity.com

I will never understand the motive of some people that they would attack a server, and attempt to destroy computers of people that they don't even know.
We were attacked by an unknown entity that exploited a code injection security hold that existed in our ad serving software. We have upgraded to the newest version of the software, which patches this vulnerability. We have heard reports from various sources that some users may have had computers compromised by malware that was being distributed by this attack. We apologize to the RevitCity.com community that we allowed ourselves to be exploited and used as a vessel of attack on the very users we exist to help.
To any users who’s computer was infected during this attack. There are tools that will help you remove the offending software from your computer. http://www.malwarebytes.org/ is one such software, the free version should remove the software from your computer. In some cases, you may also need to log into the computer as a different user and remove the hidden application data folder under the infected account (ex. C:\Users\Infected User Name\Application Data) to completely remove the offending software.
RevitCity.com has been around for more than 7 years, and this was the first successful attack against our site and I hope that it is our last. We feel that we have in some ways let our community down by allowing the site to be used as a weapon against our users. Again, we apologize to the users, especially the ones that were infected by the attack on our site.