Welcome Message

Thanks for stopping by the Latter-dayVillage blog. The website is currently offline, so this is the best place to find out what's happening, order some of our most popular store items, and find out how to get the material you have subscribed to at LDV.

Tuesday, July 13, 2010

Where the heck has LDV disappeared to???

During the renovation at our regular website, l a t t e r - d a y v i l l a g e dot com, I am using blogspot to keep in touch with our subscribers. Site security issues rendered the website out of commission for the time being. We are building a new site from the ground up because the original site was so vulnerable and so complicated, that it has been impossible to secure it or quickly rebuild it. I am not sure if there is someone who specifically wants to ruin our website or if in general, hackers found it an easy target with their sneaky methods for exploiting e-commerce websites, but either way, the site has been compromised and it seems that whenever we figure out how to eliminate one threat, within an hour or two, a new attack finds a new way in to mess things up.

HACKING 101
The reason this is possible is that the site was not originally set up to be what it has become. Add-ons were rigged to the original site, one after another over many years of time, and due to its complexity, the site uses many scripts that hackers have learned how to take advantage of. Each add-on created more vulnerabilities. Hackers know what to look for and send little robots out on the internet searching for sites using various e-commerce software versions with identifiable file names - and they have created little programs that know where to get in and damage a website. Software developers keep creating security patches and new versions of their programs to eliminate such vulnerabilities, and website owners have to be vigilant about keeping the latest patches and version updates installed.

Our website was set up by my deceased partner who kept integrating new features to the site over many years - and he had it configured in a way only he understood. If he had some measures for keeping the site secure, he took them to the grave with him. Often after a software update, he would report to me that it had been a harrowing night or weekend with him "sweating bullets" and back and forth with technical support trying to get everything to work right. When he died, the first time I got a notification that a new version of software needed to be installed on one of our sites, I carefully followed the instructions and the site disappeared. I panicked and hunted for a solution and became totally confused. Tim was not a programmer, but he had a much higher aptitude for technical matters than I do, and had been the one to set everything up to begin with, so I was really lost. In that particular instance, it was a related site that wasn't generating any revenue anyway, so I just let it go. I knew I could not have anything like that happen with LDV, and I really didn't know the risks involved, so I didn't mess with updating software over the last year and a half. There were issues I did know about that prompted me to hire programmers to help me upgrade the site. What they found when they got into the underlying code was a serious mess. And very recently we had an obvious attack that diverted a handful of transactions one evening that required us to shut down the site.

We have moved the site to a new server, and moved that server twice, and the hacker keeps finding us. We patch the hole in the code that he came through, and he finds another hole. Whether this is one person, or any number of skilled hackers who have automated ways of detecting vulnerabilities around the www and exploiting them it is impossible to tell. It seems like one individual from overseas that is intent on having his way with LDV.

Because the website is so big and uses so many different programs all patched together with complicated relationships, there is no simple way to untangle the mess and smoothly rebuild the site with a much cleaner , secure system, as we have been planning to do since long before Tim died. It would be akin to separating conjoined quintuplets.

I am nothing if not creative, so we are working to solve the dilemma. Each day the site is down, is a day of lost revenue, and financing the rebuild is also going to also take creativity. If the hacker intentionally came after LDV for whatever reason and wants to shut it down, this is probably sweet news to him - and if the hacker just wanted to exploit LDV, it's disappearance will cut off the nose to spite the face. Regardless, this is an important resource and it is my livelihood, and I'm not surrendering it to a hacker.

I am setting up another way to offer our store items in the interim. I am setting up a way to get lessons to subscribers. Come back very soon to see the solutions we are putting in place.

Best regards,
Debra Woods
Joseph Smith was born in Sharon, Vermont on December 23, 1805
The youngest class in Primary is called Sunbeams - who shine for Him each day
Apricots and popcorn have a unique relationship to latter-day saints
Several years ago, we called the Nursery Class Moonbeams, and the 4-7 year old classes were Stars
Just so you know its really me writing this

No comments:

Post a Comment