WordPress exploit led to Linux Mint hack

A comment on the Linux Mint blog indicates that a WordPress exploit was the cause of their recent hack.

I’ll ask this question, without knowing the intrinsic details, or any specific details other than what has been posted above; did the breach have anything to do with the fact that you’re running WordPress?

Best wishes and thanks for the heads up.


Edit by Clem: Yes, the breach was made via WordPress. From there they got a www-data shell.

A later comment sheds a bit more light.

Could you give a detailed description of how they managed to get in via WordPress? I’m curious whether it is a 0-day exploit due to a bug in WordPress core or whether it was caused by plugins that you’re running. If it’s due to a core WordPress bug then every WordPress website out there has a serious problem.

Edit by Clem: No plugins, latest WP, but a custom theme and lax file permissions for a few hours. The security experts will probably find the exact cause. At the moment there’s no indication it’s related to WP core (we’d probably see a lot more sites being hacked right now, this seems to be targeted specifically at us).

Having recently attended a penetration testing seminar, and noticing how often WordPress was mentioned/targeted, I’m not in the least surprised by this news. Anyhow, I hope Clem shares more details, if and when they become available.

Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Ouch! With Linux Mint at the top of the DistroWatch charts, it would be interesting to know the number of downloads involved.