Anyone who runs sites using the WordPress platform and the plugin Simple Ads Manager will want to read this and learn from our mistake. Even those not using this particular plugin, but who have deactivated plugins not being used but still residing on their servers might find this useful. Luckily, in our case no harm was done, but that’s only because the incident occurred on a test site, so we were able to just take the site down. Lucky for us, it wasn’t FOSS Force or one of our other active sites.
Early Saturday evening we began receiving numerous email notices with two worrisome subject lines from our server. One subject was “LOCALRELAY Alert for sitename,” being sent to us at the rate of about every five minutes, with each showing info on the “first ten of 101 emails” that had been sent by the server since the last email notification. The other subject, “Script Alert for /path/to/script” was coming with the same frequency. To make a long story short, someone had hacked into a site we use to evaluate and test WordPress plugins before possibly deploying them on active sites, and was using it to send spam. Our test site had been turned into a spambot in other words.
Late last year, I was told that the area treated for throat cancer in 2012 was exhibiting pre-cancerous activity. I was told that it could remain “pre-cancerous” for twenty years, or it could again form into the cancer that tried to kill me in 2012. If that happened and it remained unattended, it would kill me in a matter of months. My options ranged from doing nothing and taking my chances, all the way to having my larynx removed to be done with this throat cancer monster once and for all. I picked door number two.
