Uh...

The organization wasn’t big, but they did have an IT department that apparently consisted of about a half dozen people.

It was one of those compromises. One of the ones that, for whatever reason, I can’t quite get out of my head. One of those where I keep beating the bushes, trying to get someone to pay attention and get the thing cleaned up.

It took a few attempts, calling, sending email to everyone in IT, but eventually I got someone’s attention and a promise that they were working to get their website fixed.

A week or two passed.

As I often do, I went back to take a look - just to see if any progress was being made.

Sure enough, they had actually removed a wide swath of compromised pages.

Things were looking better.

Then I looked at one of their subdomains.

It was still compromised - still flogging term papers, performing SEO for academic dishonesty.

I emailed them again, figuring that they simply had missed this one portion of their infrastructure.

They responded almost immediately this time. They were aware that their site was still compromised.

And then, these IT professionals said one last thing: they had contracted to have a company come in and rework the PHP backend of their site to eliminate the issue.

Oh… I almost forgot one tiny, important detail: It’s a frickin’ WordPress site.

Uh…

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter: @tliston
April 7, 2021