Yesterday morning we had a client who’s got a site on a virtual server email to say:
Hi Oban –
I just had a business colleague say that he went to my site, got a malware warning, and his entire hard drive was wiped out instantly.
Hard drive wiped out instantly?!? Pa-leeease!
Nonetheless, this is a WordPress site so Dave looked through the code and didn’t see anything immediately out of line. We both visited the customer’s site and neither of our hard drives was instantly wiped out (we are craaazy risk takers!). I also looked at what Google’s Safe Browsing site currently thought of our network – which was that everyone was clean as a whistle.
Dave then went to work with the leads that he gained from the Sucuri scan (good service that!) and found that a bad guy from Russia had broken into the site using an easy-to-guess password and installed the malware and backdoor by uploading a custom WordPress theme. From the log files:
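The pattern Dave reconstructed (password guessing against the login form, then a theme upload carrying the backdoor) is one the web server's own access log can surface. The script below is an added example, not code from this post or its authors: it correlates the two events over constructed Apache combined-format log lines (the sample lines and IP addresses are invented) and relies on two assumptions about WordPress behaviour that the post does not state: a failed POST to wp-login.php is answered with HTTP 200 (the form is re-rendered) and a successful one with a 302 redirect, and a dashboard theme upload is a POST to wp-admin/update.php?action=upload-theme.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache "combined" format. They are
# invented for this example and are not the log lines the post refers to.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2012:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2012:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2012:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2012:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2012:03:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2012:03:14:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2012:03:15:30 +0000] "POST /wp-admin/update.php?action=upload-theme HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2012:09:00:00 +0000] "GET / HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2012:09:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2012:09:02:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, method, path, status) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))


def find_suspicious_clients(log_text, fail_threshold=5):
    """Correlate password guessing against wp-login.php with a later theme upload.

    Assumed heuristic (not stated in the post): WordPress re-renders the login
    form with HTTP 200 on a failed login and answers a successful login with a
    302 redirect; a theme uploaded through the dashboard is POSTed to
    wp-admin/update.php?action=upload-theme. Returns {ip: [reason, ...]}.
    """
    failed_logins = defaultdict(int)
    logged_in = set()
    uploaded_theme = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, path, status = parsed
        if method != "POST":
            continue
        if path.startswith("/wp-login.php"):
            if status == 200:
                failed_logins[ip] += 1
            elif status == 302:
                logged_in.add(ip)
        elif path.startswith("/wp-admin/update.php") and "action=upload-theme" in path:
            uploaded_theme.add(ip)

    findings = {}
    for ip in sorted(set(failed_logins) | logged_in | uploaded_theme):
        reasons = []
        if failed_logins[ip] >= fail_threshold:
            reasons.append(f"{failed_logins[ip]} failed logins")
            if ip in logged_in:
                reasons.append("successful login after guessing")
        if ip in uploaded_theme:
            reasons.append("theme upload via wp-admin")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in find_suspicious_clients(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The legitimate administrator at 203.0.113.5 logs in once and is not reported; the client that guessed five passwords, got in, and then uploaded a theme is. The threshold is a tunable, and on a real log the same loop would be pointed at the file rather than the embedded sample.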