Another hack <sigh>

Admin

Administrator
Staff member
Apologies to those who, for a relatively short time this morning, attempted to access FTO via a mobile device and got ads for porn sites instead. Beginning shortly after 7 a.m. MT this morning this behavior was occurring, and by 10 a.m. the problem was resolved.

For those techies who are curious about the specifics, a couple of Wordpress' PHP files buried deep in the core of the CMS were altered to create modified .htaccess files that redirected visitors using mobile devices. While it's not entirely clear how they gained access to the server to upload those modified files, passwords have been changed and a new malware/hack scanner has been installed on the server.
 
Yep, saw that when I went to check the news and figured it was a hack yesterday...
 
As an addendum, this morning I figured out how they were getting in. Our download manager was allowing unauthenticated ajax calls to execute arbitrary functions. This would allow an attacker to upload arbitrary files and perform a variety of other malicious tasks. That hole has now been plugged.
 
Back
Top