Leaderboard

Someone mass-hacked just about every WordPress installation on Tommy, then dropped a bunch of malware. Some of the accounts also had a spambot or phishing set up on them. The name of the hack comes from the username of the admin account the hacker created in the WordPress database on compromised accounts. We ended up just mass-banning almost every WP user on Tommy (without backups due to malware and phishing), then giving them new accounts. The interesting part is that whatever hack they used works on fully up to date, extension-free WordPress installs, meaning there's a severe security hole in WP's core. People around the world were reporting this hack on different hosts too around the same time. WP themselves...they spent their time deleting people's complaints, closing hack reports as no issue found, and denying the hack exists despite the obvious evidence to the contrary. Just another reason to never use WordPress...