Our previous hosting provider, smarterasp, was having a very significant outage this last weekend. We've been using them as our website provider for over 2 years without issue, however, due to this issue we plan to move providers.
Though smarterasp has not confirmed officially that there was a ransomware attack on its servers, according to second-hand reports, it appears that there was a ransomware attack on some of their 440,000+ websites.
Most importantly, we have NO PROOF that we were affected.
During the outage, we were able to access all of our files and none of them were encrypted. We've had NO official messaging from smarterasp telling us that we were affected. As it stands, we do not believe this possible ransomware attack against smarterasp affected us. Still, this is a concern and we've taken precautionary steps.
Things you should know:
- Payments for RGL happen on Paypal's website, not on RGL's website
- No personally identifiable information related to the transactions is stored in our databases (e.g. first name, last name, payment type.)
- The only information we store in RGL is related to the transaction Id from PayPal and whether or not the payment was successful.
- We've also verified that no unauthorized calls using our API credentials were done to the Paypal API
- We have also reset those credentials to be safe
- On top of this, during the outage, we were able to access our files on smarterasp's servers and we did not see any indication that RGL's website/data was affected by this potential attack.
To summarize: Information from Paypal related to who you are, is kept in PayPal and that data has not been compromised.Update: 11/14/2019
We've moved to a new hosting provider and no longer will be working with smarterasp going forward. We've also moved the website to be a single domain instance and this will make it much easier for us to apply https to the website. Our goal is to have that setup by December 1st.
Thank you for your patience over this last weekend.-sigafoo