# LinuxMint WordPress Gets Hacked, ISO Downloads Infected With DDoS Bot



## DomainBop (Feb 21, 2016)

The hacking of LinuxMint's site is yet another example of why lazy idiots who are running outdated WordPress installs with multiple critical vulnerabilities need to update their sites regularly (hosting industry examples are blog.colocrossing.com WP v3.5.1, lowendbox v 4.3.1, Quadranet CEO's ilanmishan v 4.2.4 ...). If you're running an outdated install you put everyone else on the Internet at risk when your site and server inevitably get hacked and start serving up malware or are used to attack other servers _(of course the two hosting companies I highlighted who are guilty of this probably don't care about this since they've historically made a good chunk of their income by selling to spammers, hackers, botnet operators, and other criminals)._


LinuxMint blog:



> We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.
> 
> 
> *What happened?*
> ...



http://blog.linuxmint.com/?p=2994


Softpedia news story:



> Linux Mint Team: They hacked us via our WordPress site
> 
> 
> The first to provide an answer was Clement Lefebvre, leader of the Linux Mint project, who acknowledged in a comment on the official announcement that the initial point of entry was their WordPress blog.
> ...





http://news.softpedia.com/news/linux-mint-website-hack-a-timeline-of-events-500719.shtml


----------



## MannDude (Feb 21, 2016)

Yikes, thanks for the heads up.


----------



## mpkossen (Feb 21, 2016)

DomainBop said:


> lowendbox



Yeah, don't get me started on that.


The way the Cluster™ works is that files are not mirrored or on a shared volume. A single OVZ instance has to be replicated across nodes. This is known as the GoodHosting Model.


Only the uploads are synced, I think with the use of a cron job. This is why uploads to LEB always appear broken until a minute has passed.


----------



## DomainBop (Feb 21, 2016)

LinuxMint is now indicating the hack occurred via a WP theme (not WP core), and they just posted a warning that after the hackers gained root access they also grabbed the forum database:



> It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible.
> 
> 
> The database contains the following sensitive information:
> ...


----------



## Licensecart (Feb 21, 2016)

DomainBop said:


> LinuxMint is now indicating the hack occurred via a WP theme (not WP core), and they just posted a warning that after the hackers gained root access they also grabbed the forum database:



No surprises there; most hacks are via old themes or outdated software.


----------



## wlanboy (Feb 21, 2016)

Well ... don't use blog software to distribute software.


----------



## drmike (Feb 21, 2016)

wlanboy said:


> Well ... don't use blog software to distribute software.



How about we all say in UNISON: DON'T USE WORDPRESS ... unless you like living on the edge of a knife.


----------



## wlanboy (Feb 21, 2016)

drmike said:


> How about we all say in UNISON: DON'T USE WORDPRESS ... unless you like living on the edge of a knife.



Time to add WordPress to my honeypots...


----------

