Site back to normal

Mutantfrog has been apparently hit with some sort of javascript based attack that has been going around, as described by our hosting provider here. Unfortunately, it looks like it will take a fair amount of time to get things back to normal, and I might not have a chance to sit around my computer and work on it until at LEAST Sunday, so please do not visit again until after the weekend is over. Hopefully by Monday everything will be fixed.
The problem seems to have been solved. I’ve removed the nasty code and don’t see any more sign of it, but if you see anything suspicious, please contact me ASAP.

If anyone else running WordPress has been hit with a similar attack, directions for cleaning it up may be found at the link below.

http://wiki.mediatemple.net/w/WordPress_Redirect_Exploit

5 thoughts on “Site back to normal”

  1. I had the same problem hit several of my mediatemple sites. The lamest thing was Mediatemple passing the buck to its customers instead of fixing the problem that, for some reason, had only screwed up blogs on their shared hosting servers.

  2. I’m still unclear what the nature of the exploit was. Was it a flaw in WordPress? Was it in PHP, in mySQL? And why does it seem to have only hit Mediatemple? Is it because of a weakness in their system in particular, or did the attacker just target them due to a high concentration of WordPress blogs? These are the questions I would like to see answered.

  3. Just wanted to put my two cents in here.

    James, we’ve never passed the buck when the problems were ours. The simple fact is that most of the time website compromises are not due to anything (mt) did or did not do. I don’t know your specific situation, but the analogy is akin to blaming the computer manufacturer when you get a virus in Windows.

    We’ve recently addressed many of the concerns regarding security on our system. You can read more about it here:

    http://weblog.mediatemple.net/weblog/2010/07/21/am-i-hacked-security-explanations-from-mt/

    If you have any additional questions or concerns I’ll be more than happy to answer them for you.

  4. Travis, do you have any idea what the exploit used actually was? I just don’t see what might have happened to affect so many installations if it wasn’t a vulnerability in WordPress or mySQL.

Comments are closed.