WordPress Hacking

Hi All. Looking to raise some awareness of an attack that’s hitting a number of WordPress sites.

While on the road at Miami Valley, we were notified that the mobile version of robotcasserole.org had been redirected to a spam page.

There’s a guess that SQL poisoning allowed them to create new admin accounts, and overwrite the .htaccess file to induce the redirect on mobile devices only.

We were able to remove the hack, delete the user accounts, and perform site-wide updates, hopefully to mitigate this going forward.

It would appear we’re not alone. Looks like Spectrum and Grasshoppers were hit with a similar redirect attack, to the same spam site.

Though for now I’m going to believe this happened because I suck at WordPress maintenance, I’ll share my words to anyone in the community who partakes in such hacking activities: YOU SUCK.

I burned hours late into the evening while on the road at Miami Valley to fix it, working remotely with a previous mentor who was far better at this than me. And then I had to get up and coach a drive team the next morning. Not cool.

Your actions have real world impact.

7 Likes
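
A defensive check for the kind of change guessed at in the post above (an .htaccess rewritten so that only mobile visitors are redirected), added here as an example and not part of the original post: it flags mod_rewrite rules that are gated on the User-Agent header and send visitors to another host. The sample file and the host `spam.example` are constructed, and the function name `find_ua_redirects` is hypothetical.

```python
from urllib.parse import urlparse

# Constructed sample: the stock WordPress rewrite block followed by a
# mobile-only external redirect. spam.example is a placeholder host,
# not the site mentioned in the post.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_USER_AGENT} (android|iphone|ipad|mobile) [NC]
RewriteRule ^(.*)$ http://spam.example/landing [R=302,L]
"""

def find_ua_redirects(htaccess_text, own_host):
    """Return (line_no, conditions, target) for every RewriteRule that is
    conditioned on the User-Agent and redirects to a host other than own_host.
    Simplification: directives are split on whitespace, so quoted arguments
    containing spaces are not handled."""
    own = own_host.lower()
    findings, pending = [], []
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        parts = raw.strip().split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond":
            pending.append((parts[1], parts[2]))  # (test string, pattern)
        elif directive == "rewriterule":
            target = parts[2]
            host = urlparse(target).hostname  # None for "-" and local paths
            ua_gated = any("HTTP_USER_AGENT" in var.upper() for var, _ in pending)
            foreign = host is not None and host != own and not host.endswith("." + own)
            if ua_gated and foreign:
                findings.append((line_no, [pat for _, pat in pending], target))
            pending = []  # RewriteCond lines apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    for line_no, conds, target in find_ua_redirects(SAMPLE_HTACCESS, "robotcasserole.org"):
        print(f"line {line_no}: User-Agent {conds} -> {target}")
```

Running the same check against a known-good copy of the file, or after every plugin and core update, makes an overwritten .htaccess show up without needing a phone to trigger the redirect.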

@golf_cart_john