Multiple website compromises / e-mail delivery issues: WordPress attack

In an issue very similar to last week’s outage, our shared hosting server was hit by a compromise which caused high volumes of malicious e-mail messages to be sent out.  Unfortunately, this time multiple customer websites were confirmed as simultaneously compromised.  All of them were using the WordPress content management system (last week’s victim was not), and may have been attacked through the same scripting vulnerability.

As such, we have audited every WordPress-based site on the server, finding a total of seven sites with malicious code additions.  Those websites have been temporarily suspended while we work with their owners to re-secure the sites and remove the malicious code.  We will additionally be contacting every single customer running a WordPress-based site to make certain that all installations have had the most recent security patches applied.

One of the effects of the attack is that large volumes of spam were once again sent out from our shared hosting server, causing it to be placed on e-mail blacklists and watchlists.  Outbound messages are correctly passing through our server, but the reputation issues are causing them to be rejected at the recipient’s end.  This affects customers with e-mail addresses at spiralEmail.com, sierraEmail.com and custom hosted domains.  We have requested removal from every blacklist which allows manual delistings, but restoration of full email delivery may require 24 hours or more for automated listings to expire.

About Bax

I'm the Technical Support Director for Spiral Internet. You can reach me during business hours at (530) 478-9822, Ext. 1. I'm happy to answer your questions!
This entry was posted in Unplanned Outages. Bookmark the permalink.