He-, hello? Is this thing on? Are we back? I think we’re back.
At some point in the recent past, you probably noticed that the NAG website was very, very dead. It’s the result of a hugely unfortunate set of circumstances that left us crippled and almost completely offline for very nearly two full weeks.
Thankfully, after what’s felt like a lifetime worth of stress and panic, we’re now fully operational again.
I’ve been keeping a wary eye on things since we came back online yesterday afternoon, and everything appears to be back to normal. Now, I’m sure you’d appreciate some form of explanation.
The short of it is: we were hacked. By bastards. Filthy, scheming, worthless bastards. Filthy, scheming, worthless bastards looking to use our site as a vehicle to freely advertise their weird pharmaceutical products like Viagra and whey protein and Dad’s Special Pill or whatever. The placement of their alien script also dismantled our website’s aesthetic, causing it to vomit up a hideous chunk of normally-invisible HTML and website code that pushed the actual website way down within the browser window. As far as I can tell, the hack wasn’t anything exceptionally malicious. It’s mostly intended as a means to hijack our site’s listing on search engines, replacing its description with their own spam-y, advertise-y crap.
This does have a terrible side-effect of course: if left alive for too long, the hack would’ve ensured that eventually the NAG site would be flagged by the various search engines, browsers and anti-virus software as being riddled with spam and/or malware. Which means that, upon attempting to visit the site, the various platforms listed above would suggest that people strongly reconsider their choice to check up on NAG. Which would’ve been devastating.
I was forced to take the site offline and immediately search for the root of the hack. Unfortunately, this all happened on a Saturday. I spent hours trying to follow the breadcrumbs to the source of the infection – but while I have a certain degree of experience with this sort of thing, I’m neither a web developer nor a security expert. Couple that with the fact that I don’t have the correct tools to properly find and remove dodgy scripts, and I felt like a mad drunkard attempting to use a spoon to chop down a twisted, evil-looking tree. Backups were all but useless, because this particular hack had been lying dormant for months, and my oldest backup was only a month old.
We needed external help, and lots of it. To make matters worse, the upcoming Monday was a public holiday, and so we’d only be able to contact people on Tuesday, nearly three days after the initial infection. That, and we were moving offices on the Wednesday, which would inevitably throw more large, unwieldy spanners in the works. Anyway, on Tuesday we got in touch with a company called Black Snow Digital.
They kindly agreed to help us, and after a few days of tinkering with a cold build of the site, they discovered the problem’s source, and simultaneously realised that our problem was a tad more complex than initially expected. It turns out this crew of assholes selling drugs that tickle man-bits is surprisingly adept at worming their way into every possible corner of a website to which they’ve gained access.
Essentially, Black Snow had to be sure they cleaned absolutely everything, or the hack would return within days. As you know, it took what felt like forever before the site was given the all-clear, and it wasn’t helped by the fact that in my mad tinkering I completely broke the site’s layout and had to piece it all together again from memory before copying it back to our live server.
So here we are. It’s been a really crappy, really stressful couple of weeks, and I hope that those responsible for the hack wake up one morning to discover that all their vital organs have been replaced with fat, pulsating tumours. And that their sweat glands are cursed to endlessly excrete month-old milk all day, every day, for all of days. I also hope you’ll join us in praying to the gods of irony that, if the hackers happen to be male, for the rest of their miserable lives they’re incapable of working up an erection, even after consuming all the Viagra on the planet.
Special thanks to Nic Baker, Ewan Rapson and the rest of the awesome team at Black Snow Digital for assisting us in nursing this site back to health. We really couldn’t have done it without you.
To those NAG fans wanting to know whether or not any user accounts have been compromised (such as those on our forums), you can rest assured that those details are secure. The hack wasn’t mining data, it’s purely a malvertising (or whatever it’s called) thing. Still, if this whole thing has made you feel as icky as it’s made us feel, enough so that you’re driven to change your forum password, it obviously couldn’t hurt.
As for you, person reading this: we’re sorry. We’re deeply sorry for disappearing on you like that. But hey, it’s great to be back.