LinuxMint WordPress Gets Hacked, ISO Downloads Infected With DDoS Bot

DomainBop

Dormant VPSB Pathogen
The hacking of LinuxMint's site is yet another example of why lazy idiots who are running outdated WordPress installs with multiple critical vulnerabilities need to update their sites regularly (hosting industry examples are blog.colocrossing.com WP v3.5.1, lowendbox v 4.3.1, Quadranet CEO's ilanmishan v 4.2.4 ...). If you're running an outdated install you put everyone else on the Internet at risk when your site and server inevitably get hacked and start serving up malware or are used to attack other servers (of course the two hosting companies I highlighted who are guilty of this probably don't care about this since they've historically made a good chunk of their income by selling to spammers, hackers, botnet operators, and other criminals).


LinuxMint blog:

We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.


What happened?


Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.


Does this affect you?


As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.


If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.
http://blog.linuxmint.com/?p=2994


Softpedia news story:

Linux Mint Team: They hacked us via our WordPress site


The first to provide an answer was Clement Lefebvre, leader of the Linux Mint project, who acknowledged in a comment on the official announcement that the initial point of entry was their WordPress blog.


In this scenario, the hackers managed to escalate their access to the underlying server and finally get shell access to www-data. From here they modified the Linux Mint download page to point to a malicious FTP server hosted in Bulgaria.


http://news.softpedia.com/news/linux-mint-website-hack-a-timeline-of-events-500719.shtml
 

DomainBop

Dormant VPSB Pathogen
LinuxMint is now indicating the hack occurred via a WP theme (not WP core), and they just posted a warning that after the hackers gained root access they also grabbed the forum database:

It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible.


The database contains the following sensitive information:

  • Your forums username
  • An encrypted copy of your forums password
  • Your email address
  • Any personal information you might have put in your signature/profile/etc…
  • Any personal information you might have written on the forums (including private topics and private messages)

...............


Out of precaution we recommend all forums users change their passwords.


http://blog.linuxmint.com/?p=3001?
 

Licensecart

Active Member
LinuxMint is now indicating the hack occurred via a WP theme (not WP core), and they just posted a warning that after the hackers gained root access they also grabbed the forum database:
No surprises there; most hacks are via old themes or outdated software.
 