2016-2017 Internet-Wide hacks - For your info:
This is a FYI for all members (and even non-members)
There has been a major, major hacking spree during the years of 2016 and especially 2017.
I think most site owners in our arena are unaware of how many sites are involved, for some owners they have more than 1 site hacked. They are not special targets, everyone was a target.
YOU may be aware of some of the site breaches of some very large sites such as Experian, Yahoo, Clixsense and even (apparently) LinkedIn, ect. Strangely enough, even some hacks were done against hackers sites and their forums too!
The hacks involved limited info breaches, or complete copies of databases, installed malware on sites, took over the sites or defaced the sites.
They gathered BILLIONS of accounts from the biggest sites on the net, to the smallest sites. It was absolutely huge.
They did this in all type's of arena's (from credit sites, date sites, email box providers, even police websites, social networking sites, even numerous sites that numerous owners have in our marketing arena). I personally think that there is some new hack that no one is aware of yet as it's across so many types of sites with different levels of security.
The databases are publicly shared amongst the hackers on the "dark net". I have seen the easy-to-get downloadable databases on the dark net and have alerted a couple of owners to fortify their sites as I can see their database in the downloads.
What I have done to combat this:
Numerous fortifications were done, spanning over the years 2016-2018 on ALL of my sites, it didn't matter if the site was a target or not.
2016 - Started my studies on methods of hacking to prevent it.
2016 - Anti sql injection code (my own custom code) was added into numerous pages.
2017 - Certain software for the servers were installed. Hardened PHP scripting was done. The newer sites also had techniques tested on them.
2017 - All payout requests are heavily eyeballed. I payout each person by hand so they can be heavily checked, but it caused payouts to be slow.
2018 - Changes (removal or php mods) in advertising features on some sites, extra hardening (special custom) of php coding, live anti virus/malware scanning for all image uploads and file uploads. Implemented new scripting of file uploads and removed all old images FROM ALL sites to start fresh... just in case kind of thing.
2018 - Password change for some sites I suspect was a target or will be a target at some point.
2018 - Implemented DKIM, better SFP and strict DMARC rules on all outgoing emails so spoofing emails are rejected by email box providers.
2018 - Installed 2 new, exceptional anti virus/malware softwares on all 3 servers
2018 - Installed https certificates on ALL sites to use https if needed. And all login pages flip to https use (made it mandatory).
Bottom line: I'll continue to be in their forums & download sites as much as possible and will implement needed measures as time goes on. An exhaustive amount of work as been done behind the scenes, on all 24 domains, in order to do what was needed. My websites DO NOT store or ask for any sensitive information about you, but I still want to protect what info it does have.
What you need to do about this:
Have patience about changing your password if it's required on any site (owned by me or not), or uploading new pics and about the changes you have seen on my network especially, as the work is done for reason(s). It's to protect you and your accounts, and the sites also.
And do not use the same password everywhere.
IF YOU CAN NOT LOGIN AFTER CHANGING YOUR PASSWORD:
((Some sites use the username ONLY now. Not email address to login))
#1 Make sure the autofill is not filling the login form with the old password right before logging in.
#2 Type in your password on the form. I know my firefox will not remember the new password when I come back and login again - it fills it out with the old one.
#3 Use a different browser to test. It probably doesn't have the old cookie or autofill info on it.
#4 It's not needed to clear your cache or all of your cookies out. Just remove the individual cookie (it will be listed under the website name).
#5 Know that it's NOT on the site's end or I did something wrong in the scripting. All were tested and work fine.
June 20th 2018