Site security: changes following breach (updated)

Thanks to one of our observant readers who noticed a problem with the Community site this morning. The first link clicked – and only the first – was being redirected to an advertising site.

This was caused by a malicious addition to the ‘captcha’ code that presents a little visual puzzle when you enter a comment to check that you really are a person, not a robot. The problem surfaced worldwide on websites this week. It has now been fixed on LongstantonVillage.org: the offending code has been removed and a new captcha component substituted. The Parish Council site was not affected.

Apart from being mildly annoying, the hack appears not to be dangerous. If you noticed this behaviour when using longstantonvillage.org, you need not worry that your computer has been affected or compromised. Apologies if you were caused any concern.

In the wake of this security breach, it seemed a good time to improve the site’s defenses. Most of the changes made are ‘under the bonnet’ but one that users might notice is that the Login option has been removed from the menu. User accounts were introduced in the site’s early days when there was a forum and mailing system that required a login. These features were removed some time ago and there is now little practical advantage for users in having an account. For those interested in such things, despite its failings the old captcha system was good at what it did. In the 24 hours following its removal, no fewer than 7 new, spurious accounts were created on the site mostly by robots in the US and China. These days everything gets hacked.

Comments are closed.