The Dayton Metro Library spent upwards of $25,000 to update its website after a “malicious code” was inserted into the content management system on one of its public web servers last month.

The primary function of that code was to initiate bogus traffic from the library server promoting links to a list of other websites thus improving the search engine result rankings for those sites, according to Barb Kuhns, the library’s assistant director for information technology services.

Twelve web servers make up the library website and, the malicious code breached one. The library does not know how the code was inserted.

“The biggest thing is, at no time was patron information compromised or at risk,” Tim Kambitsch, director of the Dayton Metro Library said.

The problem occurred due to vulnerabilities in the system, he said.

Investigations found that all backup versions of the library system’s files on that server were compromised and staff decided that the safest way to eradicate the malicious code was to rebuild the website.

Rebuilding all of its components is taking time and some features are easier to bring back than others, Kambitsch said. Several popular sections of the website such as newly ordered and most requested books, movies, music, kids and teens pages, along with Dayton obituaries are still being rebuilt.

The process of rebuilding the site is well underway and the main part of the website is expected to be completed by March 31. Kambitsch cautioned patrons who had set direct links to favorite parts of the website, that they may find some of the old links no longer work.

The library’s online catalog and popular services such as the Overdrive ebook server and the new magazine service Zinio were unaffected.

The Dayton Metro Library receives about 250,000 visits each month.