Sites Hacked August 3rd 2014

On Sunday the 3rd several of our hosted sites were attacked and defaced by some Kurdish hackers. Fortunately the attack was limited to a single server where the intruder simply changed the “blogname” and “blogdescription” fields in the WordPress options tables. Unfortunately, those two fields hold the site’s title and description which is used throughout the site.

We determined the intruder entered through an unpatched WordPress plugin which has since been patched. Fortunately permissions are set so that the hack was not allowed to proceed any further. We are running additional malware detection tests on the entire server just to be sure. These malware tests take about a day to run.

We have assessed the attack, patched the problem and removed all traces of the hacker. If we have missed anything please let us know.