Anyone who runs sites using the WordPress platform and the plugin Simple Ads Manager will want to read this and learn from our mistake. Even those not using this particular plugin, but who have deactivated plugins not being used but still residing on their servers might find this useful. Luckily, in our case no harm was done, but that’s only because the incident occurred on a test site, so we were able to just take the site down. Lucky for us, it wasn’t FOSS Force or one of our other active sites.
Early Saturday evening we began receiving numerous email notices with two worrisome subject lines from our server. One subject was “LOCALRELAY Alert for sitename,” being sent to us at the rate of about every five minutes, with each showing info on the “first ten of 101 emails” that had been sent by the server since the last email notification. The other subject, “Script Alert for /path/to/script” was coming with the same frequency. To make a long story short, someone had hacked into a site we use to evaluate and test WordPress plugins before possibly deploying them on active sites, and was using it to send spam. Our test site had been turned into a spambot in other words.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux