Great news. Sites are up and running in a jailed IP block while we scan and test. If all goes well everyone will be back online soon. If it fails the security tests, then to be frank we won’t allow it to be opened up and thus we need your help.
Geeky stuff: This is a quick update from Ed given my communications team is out. The current status of the rebuilding of sites for the portion of our clients who have been offline for a significant period of time is that our new servers in a new higher security “IP Jail” is running well as of this morning.
We are and will continue to scan and work to remediate any compromised files. The original operating systems have been formatted/replaced and all legacy Windows T4 clients that were on Windows 2003R2 are being jumped from IIS 6 to IIS 8.5 on Windows 2012R2 so you will be on the most secure Microsoft Platform ever.
(Note – No Tendenci 5 clients had any issues and I apologize to y’all for the lack of responsiveness on day to day issues as our team addressed the issues for our other clients.)
For our T4 clients coming back online in the new environment, yes, there will be issues as we change IP addresses and email relays and the like but our timeline of Monday is still on track, hopefully sooner. And perhaps a few strong clients will volunteer not to be online first, but to be a volunteer to go through a third party security audit of their site on behalf of everyone who has been a victim of this unfortunate crime. It is like a stress test that attacks a site in a silo to be sure when opened to the public it works as designed. I believe this is an important step to get third party validation before bringing everyone back online for the sake of safety and security.
As a CEO it is my job to foresee and prevent these occurrences, and in this case I missed the mark by a long shot. The Monday deadline will only be possible with some assistance from the community testing a few sites off of the public network for functionality as we work out the transition of over 50 sites to an entirely new cloud based security system that may be (OK, it is….) locked down quite tight. Yet it is better to lock and release, than to risk having to protect our clients by shutting down a server again.
And as I have said I apologize again. This is a crime. We are documenting it for the authorities as best we can. But that isn’t the point. The point is we work with caused based and people trying to change the world for the better. That is what Tendenci IS! And we let you down. Help us fix it because it isn’t us and you, it is just “us”.
CEO, Tendenci, Inc.