As you have noticed CartographyAssets has been down since yesterday. Yesterday I was unable to login to my account, I reset my password only to find out it not working again after a little bit, which was odd. It prompted me to look into the server where I found some weird looking files. I inspected them and notified our host who also looked into it straight away.
As it turns out this was the right call to make as whilst myself and the host were looking into it some files started moving. The host did a great job backing up everything right away and removing any potential malicious files. They also reinstalled every core file of WordPress to ensure all core files are safe and sound. While they were doing that I was working on shutting down the entire website, putting Cloudflare in “Under Attack” mode, disconnecting the PayPal API and resetting every password from the mailing server to third-parties such as Cloudflare.
In the current day and age hacking attacks (sadly) are no longer rare. Whilst there are examples of websites and businesses having been completely locked out by ransomware, we have been lucky to have prevented most damage.
The hacker has been able to insert a file on the server which made them an admin account as a backdoor. Thankfully I quickly noticed this, removed the file(s) and user and prevented them from accessing the server. Whilst technically speaking this does mean the hacker has had access to an admin account and could have seen some user information, neither myself nor our host could find anything relating to activity on the account. Furthermore, by design, customer’s credit card number and security code are never stored on the website.
Because there is a small chance the hacker has possibly seen something like an email address, address or username I do recommend you be extra cautious in regards to possible phishing emails or scams in the future and would recommend you change your password just to be sure.
Well, all is well and back to normal! I have ensured the site to be safe as can be and did all necessary checks and more! I have also removed quite a few things here and there that are not 100% needed as to lower the over-all risks and vulnerabilities. For obvious reasons I won’t go into much detail in regards to what changed to our security systems but be assured that I’ve about tripled the security that is on the server and systems.
I have added the option to enable Two-Factor Authentication (2FA) for creators and normal users. Two-Factor Authentication means you have to authenticate a login using a different device, such as your smartphone. This way, even if your brother reads you type in your password, he still cannot do anything with it as he still needs your phone to authorize a login.
You can set up 2FA in your account settings under the “Wordfence 2FA” tab (https://cartographyassets.com/my-account/wordfence-2fa/)
Photo copies of passports
Some creators have ignored warnings about not sending their passport or ID-card in the verification process, this is not needed and I do not want them! I try my best deleting all of these as quickly as possible, but let this be a firm reminder as to why you should never send a photocopy of your proof of identification (passport or ID-card) to anyone on the internet.
As promised I am still working on improving this and will be coming with a new theme soon that will greatly improve performance. I just have to tweak a few things here and there. Because of the tightened security monitoring the site at the moment the site will be a bit slower than the usual slow loading times already present. I hope you all understand the need for this and rest assured I’ll be doing everything I can to improve this.
On a positive note
While this all is quite the drama for a one-man show like CartographyAssets I do want to thank every single one of you who have shown their support and patience during the downtime. It felt great knowing people would simply wait it out and give me the time I think I would need rather than having the feeling of an angry mob waiting outside the palace gates.
I also want to welcome all new members who have joined the Discord during the downtime! Hopefully you will all enjoy the website and content by the amazing creators on CartographyAssets! I’m sure you’ll enjoy the content!