I am so tired as I write this. Developing Automation is a balancing game, weighing up risks, deciding what is worth my time and what isn’t. Earlier today our keys database got ‘hacked’ by using SQL Injection techniques. All the keys got assigned to one user (who I won’t name, as it might not be his/her fault, but it is mightily suspicious). This database is separate from both the forum, and our wordpress front end. The risk of an SQL Injection was something that was always there in the back of my mind, something to get sorted out, but I’m not a php/mysql guru. This stuff was written over a year ago, where we had no money (as compared to today’s a little money) so could not afford to get someone in to work on it.
This SQL Injection is more of a major annoyance/time sink to fix. The database is restored from a backup from the 8th April. So most users are fine, apart from those who have ordered the game recently. I have manually edited them back, but there could be some mistakes and have fixed one this morning. As the keys were all assigned to one user, under his forum profile all keys in the database would of appeared, including future unsold keys. All keys have been regenerated, and the old keys are no longer valid and cannot be used. The keys system has been updated to stop this occurring again, and more regular backups have been instated. My father says problems always occur in 3′s, so I wonder what will be next?
Thanks for your support, and we are sorry that you the customer got caught up in all this.