We were hacked!

We’re back! You may not have noticed we were gone, but the Educational Development blog was hacked!

At the end of July we received a tip-off from JANET (the organisation which provides computer network services to UK research and education institutions) that they had detected activity from our blog that suggested it had been compromised. Straight away we disabled public access to the blog.

After some initial investigation it turned out that a vulnerability in the version of a WordPress plugin that we use had been exploited in order to serve malicious code to our users. As far as we know no-one was affected by this malicious code, and swift action from the University of Liverpool Computing Services Department (CSD) meant that the threat was quickly eliminated.

We had in place a routine to keep the blogs of the Centre for Lifelong Learning (CLL) up to date, with regular monthly updates, but it seems that we weren’t quick enough to update to the latest version of the software.

As we kept backups we decided that it would be simplest to delete the lot and start from scratch. Simon in CSD took an export of the database from the exploited site and then hit the metaphorical big red button. Once he had set up a new and clean version of the site we set about trying to restore the site.

At this point we realised that all of the backups that we kept were either corrupt or kept on the server and at risk of infection. I therefore took the difficult decision to re-enter the posts by hand from the database dump. We lost all of the images previously hosted, but the content was recovered at least.

It’s been a long and time-consuming road to recovery, but it’s not without its positives. We now have a more robust back-up and updating policy, and we’ve got a fresh look to the site too (having lost our previous custom theme).

My appreciation must also go out to Simon and Ian in CSD without whom I would’ve been lost, as well as the team at JANET for alerting us to the problem as quickly as they did. Thanks!

Header image credit to: Brian Klug and used under Creative Commons licence.