Comments on: Media Temple/WordPress hacked

By: Sam

Sam — Tue, 24 Aug 2010 02:23:17 +0000

I think it is due to the ‘special source’ that GS uses

I don’t think it would affect the DV in same way (but long time since I had a DV account)

Also pixelkitty I get a warning that your site is infected with “pheonix exploit kit”. I had never heard of this before and googling it it appears to be a kit to assist in analyizing incoming traffic

AVG is warning me about the pixelkitty site

defo a MT GS issue not isolated to wp – it has happened a few times since also

By: Dave

Dave — Sat, 19 Dec 2009 21:16:39 +0000

I got a call from a client this morning saying their Drupal site was down. After finding the problem and this post the issue is exactly the same as what’s posted above.

The scary thing is that I am on a DV server. Don’t think that this is just a GS issue.

Just about to contact mediaTemple. I’ll post back if I find out anything extra.

By: Joly

Joly — Wed, 09 Dec 2009 08:02:26 +0000

Hi Jeff!

It seems to me that this is very similar to what went on at DH just about a year ago, if I’m not mistaken!

By: JeffreyBarke.net » Blog Archive » Media Temple/WordPress hacked Medical just to Me

Thu, 03 Dec 2009 12:58:34 +0000

[...] post: JeffreyBarke.net » Blog Archive » Media Temple/WordPress hacked By admin | category: media temple | tags: account, kyle-the-invincible, media temple, [...]

By: Dan Byrd

Dan Byrd — Wed, 02 Dec 2009 19:06:21 +0000

All my sites hosted with Media Temple were compromised. Both .htaccess and index.php files modified in Joomla or wordpress directories – different accounts. The interesting thing about this is that the perpetrators were able to access the admin control as well and turn on SSH and create a separate admin user. Media Temple surely got caught with their pants down due to lack of security. Who ever crashed this party surely isn’t interested in a reality show – unless their name is Kevin Mitnick.

By: jmcvearry

jmcvearry — Tue, 01 Dec 2009 00:28:08 +0000

(mt) Media Temple just posted a new update on the spam injection issue with some new info and progress updates.

check it out here:
http://weblog.mediatemple.net/weblog/category/system-incidents/1026-gs-security-advisory/

By: MediaTemple index.php Analysis – bundyxc.com

MediaTemple index.php Analysis – bundyxc.com — Sun, 29 Nov 2009 21:30:10 +0000

[...] passwords were stolen. In addition, many codes were added to people’s files. According to Jeffrey Barke, there were codes injected in index.php, and while there were codes injected in other parts of the [...]

By: Jeffrey Barke

Jeffrey Barke — Sun, 29 Nov 2009 16:37:11 +0000

Thanks for the link, Matt. It's definitely worth following and reading.

According to Media Temple, aaron, they're "not certain this exploit is directly related to the way we were storing passwords," which do appear to be stored in plain text. But I agree with you—if the passwords were not stored as one-way hashes, it was poor security.

By: fabbrication.net :: Blog

fabbrication.net :: Blog — Fri, 27 Nov 2009 07:49:55 +0000

[...] the extent of the security breach. My understanding of the incident, (as also blogged here and here), is that someone got ahold of many of the admin passwords for Grid Service (GS) accounts and thus [...]

By: aaron

aaron — Fri, 27 Nov 2009 02:16:00 +0000

Me too. Mediatemple did not fess up to the vulnerability but after they reset my passwords without my permission (then proceeded to have two hours of downtime so I couldn’t reset my password), I figured it had to be their problem.

Also, when I called in, they asked me for my password, and they said OK quickly enough to let me know the support guy was looking at a plain text version of my password (he couldn’t have typed it in to check that quickly). This means they don’t store a one-way hash of the password, but the actual password. This is poor, poor security IMHO.

I’d like a year of paid hosting or an upgrade to DV for the hassle. All my sites were affected and trying to pick through which files were affected and which were not is a royal PITA.