{"id":14719,"date":"2018-11-11T14:48:06","date_gmt":"2018-11-11T12:48:06","guid":{"rendered":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/?p=14719"},"modified":"2018-11-11T14:54:02","modified_gmt":"2018-11-11T12:54:02","slug":"more-technical-news-about-our-web-site-hack","status":"publish","type":"post","link":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/2018\/11\/11\/more-technical-news-about-our-web-site-hack\/","title":{"rendered":"More technical news about our web site hack"},"content":{"rendered":"<p>After a more thorough analysis, I believe that I now have a clear picture of what happened to Roumazeilles.net.<\/p>\n<p>It appears that a hacker got into our web site through an insecure WordPress plugin. The security defect was corrected relatively quickly, but it left a wide open gap for a few days. The hacker was able to:<\/p>\n<ol>\n<li>create several privileged access points into the web site (administrator accounts).<\/li>\n<li>modify posts and pages to add a script liable to deliver a malware infection (which I could not identify more precisely).<\/li>\n<li>modify the web site to point back to another infected web site.<\/li>\n<li>modify the web site to create an additional backdoor entry point for himself.<\/li>\n<\/ol>\n<p>This most probably happened during the night of Friday November 9th (or very early on Saturday November 10th). 
It hit four of my web sites in a row (on four other sites I caught the infection before it could become extensive or dangerous for the users\/visitors).<\/p>\n<p>The corrections I implemented allow me to assure you that the incident is now (Sunday November 11th at noon) closed for all four infected web sites.<\/p>\n<p>The consequences for you, the visitors:<\/p>\n<ol>\n<li>it is possible (though quite improbable) that some <a href=\"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/data\/\">personal data<\/a> have been taken, but it was not a clear objective of the hacker.<\/li>\n<li>all users with an account on the web site have been informed, their passwords force-modified to a safer value (it appears nobody had a really fragile or re-used password &#8211; my advice: never re-use one web site password on another web site).<\/li>\n<li>for a few tens of hours, Roumazeilles.net was used to propagate one or more pieces of malware to visitors of our pages and posts. My advice: Immediately check your computer with a good anti-virus.<\/li>\n<\/ol>\n<p>I hope (and I believe) that this is all.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/blog.sucuri.net\/2018\/11\/erealitatea-net-hack-corrupts-websites-with-wp-gdpr-compliance-plugin-vulnerability.html\">Technical details<\/a>\u00a0on this specific attack (we were not alone in the list of victimized web sites).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After a more thorough analysis, I believe that I now have a clear picture of what happened to . It appears that a hacker got into our web site through an insecure WordPress plugin. The security defect was corrected relatively quickly, but it left a wide open gap for a few days. 
The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14501,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[79,34,2],"tags":[2373,332],"class_list":["post-14719","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-tech","category-wordpress","tag-gdpr","tag-privacy"],"_links":{"self":[{"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/posts\/14719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/comments?post=14719"}],"version-history":[{"count":0,"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/posts\/14719\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/media\/14501"}],"wp:attachment":[{"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/media?parent=14719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/categories?post=14719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.roumazeilles.net\/news\/en\/wordpress\/wp-json\/wp\/v2\/tags?post=14719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}