All the Pages Hack Disclosure

This site, All the Pages (are my days), was the subject of a recent hack. The problem has been addressed, and the site is restored and functioning normally.

Sometime between April 6th and April 13th, a zero-day vulnerability in the Yuzo Related Post plugin was exploited (see note below).

The result was that visitors to the site were redirected to a site that attempts to convince the user their computer has a problem. There is no evidence, and there are no reports, that this site tried to introduce malware. The approach was to have the user call a specified number, after which social engineering would be employed to try to gain access to the computer.

No information or data was lost or leaked as the result of the hack.

The site is fully restored and, with one minor exception, functioning as before. The exception is that the “Related Posts” functionality is temporarily disabled pending a fix to the problem.

The issue was resolved by removing both the plugin itself and the malicious code that it inserted into the database, which caused the unwanted redirects.

NOTE: I had been using the AllinOneWordPressSecurity plugin. For some unknown reason, I tried it instead of sticking to the tried and true Wordfence. Had I been using WF, I likely would not have been hacked. Of course, I’m once again using Wordfence.

“The XSS protection included in the Wordfence firewall protects against the exploit attempts we have seen so far. Both free and Premium Wordfence users are protected against these attacks.”

Here is a screenshot of the web page that users saw after the redirection. The numbers have been blurred.

Hacked Destination