Last night I received an email saying that one of my domains has been suspended. I immediately checked the domain, and the site could not connect to the DB. Upon further research, logs showed that the site was hacked, and a master pw I had for the server had been changed, which in turn, caused 26 WordPress sites to go down. All passwords are 20+ characters, alpha – numeric. It is still unclear how they got into the site.
I hope that this will help the WordPress devs in finding a security hole and aid in a patch for this.
In the meantime, I had to create 26 diff master passwords, for sites and dbs that are running 3.4.1. I had 3 other sites that are running 3.3.2 that were not affected.
For WordPress Devs, I will provide server and sql logs upon request.
- The topic ‘Possible Security Hole with 3.4.1’ is closed to new replies.