Daggerfall unity website

[Magicono43]

I'm not a web-dev expert by any means, but I'd have to guess it was some vulnerability exploit done that probably effected many others pages out there using the same backend framework or something.

Thanks for the response IK, appreciate it!

[Interkarma]

I'm very proactive about updates and best practices. There have been some high profile Wordpress security issues lately and the Workshop was likely caught up in one of those.

[BadLuckBurt]

I'm very proactive about updates and best practices. There have been some high profile Wordpress security issues lately and the Workshop was likely caught up in one of those.

Glad you were able to sort it out. It does sound like they took advantage of a 0-day leak. In my experience, it usually comes from the the plugin side of things, Wordpress itself is relatively secure compared to it's earlier versions so purging the plugins is a good call. I hope the logs will shed some more light on the how.

[Interkarma]

I've confirmed entry point was related to a vulnerability in PublishPress Capabilities plugin. There was a window of about 24 hours from December 7 to December 8 where bad actors could inject a database change to allow registering new administrators before plugin was patched.

It seems millions of sites were involved in a recent attack campaign using this vulnerability among others.

https://thehackernews.com/2021/12/16-mi ... under.html

Fortunately I had recent backups and could roll back to a point in time prior to attack and secure site quickly.

[BadLuckBurt]

Thanks for the link, it's always good to be aware of these things. Looks like the damage could've been much worse. It's good you know exactly where it came from, I know I cleaned up plenty of Wordpress sites without ever finding the real culprit.