This morning, I woke up to find Geeky KOOL had been hacked. My post with the Stranger Things 2 trailer had been changed with a message that we had been hacked. I hate when people are malicious just to be malicious.
I was angry about this change. I immediately went into fixing it mode. I forced updated all the staff passwords. I contacted my system administrator for him to look into it.
A friend of mine, Jeff Morrissey, pointed me to an article from DarkReading.com about a Word Press vulnerability. It was located in the REST API in WordPress 4.7.
The current update for Word Press is 4.7.2. Geeky KOOL had not been updated since 4.7. This was my fault. It is my responsibility to have Word Press updated by our system admin.
Word Press put out the update but didn’t publicly disclosure of a vulnerability right away. They kept it quiet. When it was announced, I didn’t know about the vulnerabilities. I didn’t know about the security issue until it directly affected me.
The security update fixed a serious code injection vulnerability in its CMS. This could and did allow an unauthorized attacker to alter my post.
Since we ran the update of 4.7.2. to Geeky KOOL, we haven’t had another further unauthorized changes to Geeky KOOL. Let this be a lesson to all of us. Take the time to update when those pesky updates pop up.
(Via Dark Reading)
Stay Geeky My Friends!