Apologies to anyone attempting to visit the nicehair.org website on Monday and Tuesday this week. Unfortunately an automated spyware program added a “malicious script” to nicehair.org on Monday. I have been working to remove this with the help of a consultant since the script was discovered on Monday morning.
Fortunately it was easy to remove and it was removed quickly. However I then had to go through the laborious task of changing all passwords and updating security on the site. Nicehair.org uses a blogging platform called WordPress, which is probably the best blogging software in the world. However, as with all website content management systems it has vulnerabilities.
If you have visited nicehair.org over the last three days and seen a warning message advising you not to enter, don’t worry, the malware was removed as soon as it was found. The message remained up for several days because Google and web browser software companies were not contacted to request the warning messages be taken down until nicehair.org was completely updated.
Nicehair.org is now back to normal
This security breach did not compromise any user data and all users are completely safe to browse and use the website at their leisure.
Password updates for members area
Please note that your members area password will be changed for security reasons. Your new password will be emailed to you. Please do not share your password with anyone.
You do not need to change your members forum password. In fact the members area was not affected. However for security reasons we decided to improve security on all areas of the site.
Why was the site breached?
Fortunately the malware added to the site was not the sort that collects customer data. It was simply a “Black Hat SEO” method for promoting a website by using the authority of nicehair.org to improve the hacker’s website’s Google rankings. Less scrupulous website owners use automated software that searches the web for websites with vulnerabilities. These software programs break into the websites and add malware to them in order to promote their websites. Many website owners may have this malware on their websites without even knowing it. However nicehair.org has a protection system, which alerted me as soon as the malware was found. I was then able to remove the malware quickly.
Your data is safe
Fortunately, all transactions on nicehair.org are processed via Paypal. We also have an additional layer of encryption security. Any payment details you have entered on nicehair.org are actually only entered into Paypal (using the Paypal third party checkout). Paypal has world class security to handle your data. Your data is completely safe and has in no way been compromised.
Site Outage
Apologies to anyone who has tried to access the website over the last 48 hours. And apologies to all members who have posted in the members forum and have been waiting for a reply. I have been busy working on containing the threat over the last two days and I will be updating all forum threads as soon as possible.
Thank you to everyone for your patience and thank you to all the members in the private members forum for being such great contributors. I really appreciate it and it’s good to have the website back up and running for everyone to use again.
Now I have hired a specialist to further improve the website’s security to protect it from any future malware threats. Since nicehair.org has started to become more popular it inevitably has become more of a target to people who want to use it to boost their spam website’s traffic. I will be taking measures to make sure this does not happen again!
Once again I’d like to reiterate that any data you have entered on nicehair.org is completelely 100% safe. Your personal details have remained 100% confidential and they are handled by Paypal and Paypal only.
Thank you again for your patience and apologies to anyone who has been inconvenienced by the website not being available.
All the best,
Chris
