We’re aware of the injection of malicious code into our pages, and hope our users realize that we’re actively fighting it. At the moment, this is almost a daily routine with us. This web site, as well as my personal web site, are the targets of repeated attacks, apparently exploiting a hole in the security of our web server. This is an issue we would like to have corrected immediately, but we’re engaged in a heated blame game with our host provider, who insists that it is our security procedures, and not theirs, that is at fault (this in spite of almost daily password changes on our script installations, FTP accounts, and Master accounts). In short, we can’t get our host provider to address the issue because they refuse to accept our contention that their server security protocols are faulty.
We’re looking to relocate the Malleus Maleficarum to a new server soon, as soon as funds allow. In the meantime, please accept my assurances that I am hyper-vigilant in checking our scripts on a daily basis for changes that need to be corrected. And if anyone knows how we might more effectively fight the annoying IFRAME injections which hackers seem to be able to do to this web site with impunity, we would certainly appreciate any recommendations. But please keep in mind that all of the obvious issues (frequent password changes, virus scans and other security protocols) have already been addressed. So… recommending that we change our passwords will warrant a hearty “duh!” from us. Or from me, at least.
My apologies for the inconvenience. Apparently someone thinks this work is important enough to be disrupted. I suppose we should be flattered that some loser has made it his personal mission to disrupt this web site. But I’m not. I believe in the Three Fold Law, but take little comfort in knowing that some misfit is earning a whole lot of pain.
- Wicasta Lovelace