Site is back online

It appears that due to some stale installations of WordPress on my web hosting account, somebody managed to inject a whole bunch of garbage into the server that is running this website.

From what I can tell, the initial intrusion happened in late August, while the thing that caused the site to go down happened on the morning of September 19th.

The script that ran on the machine injected files across practically every available directory on the server. It wasn’t a very subtle hack. It allowed the host to act as a ‘pass through’ – if you ever wonder why hacks these days are almost impossible to geo-locate, it is because they are almost always done through infected servers and this makes things incredibly difficult to trace after the fact.

Anyway, after many hours of polishing off my ancient UNIX skills, I’ve managed to restore this site from my backups and things should be back to normal again.

Divestor is back online – for now!

I could not imagine how anybody who doesn’t know how to navigate within an SSH session could solve this without getting external assistance (read: $$$$). Things are getting really complicated these days.

1 Comment

Hm, more details please?
What was the malware doing?
Which extension had the vulnerability, or was it an outdated WP version?

I guess most hosting companies offer a backup/restore service; you don’t need to know Linux, it’s a one-button-click solution.

You can try WP Cerber, it helps.