I'm not a web-dev expert by any means, but I'd have to guess it was some vulnerability exploit done that probably effected many others pages out there using the same backend framework or something.
Thanks for the response IK, appreciate it!
Daggerfall unity website
- Interkarma
- Posts: 7247
- Joined: Sun Mar 22, 2015 1:51 am
Re: Daggerfall unity website
I'm very proactive about updates and best practices. There have been some high profile Wordpress security issues lately and the Workshop was likely caught up in one of those.
- BadLuckBurt
- Posts: 948
- Joined: Sun Nov 05, 2017 8:30 pm
Re: Daggerfall unity website
Glad you were able to sort it out. It does sound like they took advantage of a 0-day leak. In my experience, it usually comes from the the plugin side of things, Wordpress itself is relatively secure compared to it's earlier versions so purging the plugins is a good call. I hope the logs will shed some more light on the how.Interkarma wrote: ↑Fri Dec 10, 2021 12:55 am I'm very proactive about updates and best practices. There have been some high profile Wordpress security issues lately and the Workshop was likely caught up in one of those.
DFU on UESP: https://en.uesp.net/w/index.php?title=T ... fall_Unity
DFU Nexus Mods: https://www.nexusmods.com/daggerfallunity
My github repositories with mostly DFU related stuff: https://github.com/BadLuckBurt
.
DFU Nexus Mods: https://www.nexusmods.com/daggerfallunity
My github repositories with mostly DFU related stuff: https://github.com/BadLuckBurt
.
- Interkarma
- Posts: 7247
- Joined: Sun Mar 22, 2015 1:51 am
Re: Daggerfall unity website
I've confirmed entry point was related to a vulnerability in PublishPress Capabilities plugin. There was a window of about 24 hours from December 7 to December 8 where bad actors could inject a database change to allow registering new administrators before plugin was patched.
It seems millions of sites were involved in a recent attack campaign using this vulnerability among others.
https://thehackernews.com/2021/12/16-mi ... under.html
Fortunately I had recent backups and could roll back to a point in time prior to attack and secure site quickly.
It seems millions of sites were involved in a recent attack campaign using this vulnerability among others.
https://thehackernews.com/2021/12/16-mi ... under.html
Fortunately I had recent backups and could roll back to a point in time prior to attack and secure site quickly.
- BadLuckBurt
- Posts: 948
- Joined: Sun Nov 05, 2017 8:30 pm
Re: Daggerfall unity website
Thanks for the link, it's always good to be aware of these things. Looks like the damage could've been much worse. It's good you know exactly where it came from, I know I cleaned up plenty of Wordpress sites without ever finding the real culprit.
DFU on UESP: https://en.uesp.net/w/index.php?title=T ... fall_Unity
DFU Nexus Mods: https://www.nexusmods.com/daggerfallunity
My github repositories with mostly DFU related stuff: https://github.com/BadLuckBurt
.
DFU Nexus Mods: https://www.nexusmods.com/daggerfallunity
My github repositories with mostly DFU related stuff: https://github.com/BadLuckBurt
.