Page 1 of 1

Another hack <sigh>

PostPosted: Wed Sep 28, 2016 11:59 am
by Admin
Apologies to those who, for a relatively short time this morning, attempted to access FTO via a mobile device and got ads for porn sites instead. Beginning shortly after 7 a.m. MT this morning this behavior was occurring, and by 10 a.m. the problem was resolved.

For those techies who are curious about the specifics, a couple of Wordpress' PHP files buried deep in the core of the CMS were altered to create modified .htaccess files that redirected visitors using mobile devices. While it's not entirely clear how they gained access to the server to upload those modified files, passwords have been changed and a new malware/hack scanner has been installed on the server.

Re: Another hack <sigh>

PostPosted: Thu Sep 29, 2016 10:07 am
by EMSC
Yep, saw that when I went to check the news and figured it was a hack yesterday...

Re: Another hack <sigh>

PostPosted: Fri Sep 30, 2016 10:45 am
by Admin
As an addendum, this morning I figured out how they were getting in. Our download manager was allowing unauthenticated ajax calls to execute arbitrary functions. This would allow an attacker to upload arbitrary files and perform a variety of other malicious tasks. That hole has now been plugged.