Website owners beware – terrorist attacks on your websites too

It’s hard to ignore the current disputes between ISIS and the rest of the world. Every news program and social feed contains links to videos and articles about this horrible ordeal, and it looks like it’s now also spread to the digital world.

I was messaged by a customer who said that their website had been hacked. When I visited the website I was greeted by the message:

Hacked BY MuhmadEmad ./we are peshmarga

MuhmadEmad seems to just be the person’s name, but peshmarga (peshmerga) is a term used by Kurds to refer to “Armed Kurdish Fighters” which – as far as I can work out – should be people on our side, so I’m really confused as to why they would hack a little WordPress website that has nothing to do with this conflict.

I’m still looking into exactly what happened but it seems to have been a Gravity Forms exploit of some description – some files within uploads/gravity_forms/tmp were VERY dodgy so they’ve been downloaded for closer inspection and removed from the site.

I’ve also updated all the plugins, themes and the WordPress core. Passwords for all WordPress user accounts, FTP and MySQL users were changed too.

If you’re having trouble with a hacked website then contact me through Twitter or something and I’ll help as best I can.

Any luck with this hack? I have been hacked here too with this and would appreciate any help. It keeps recurring, so obviously the backdoor is here somewhere. I have looked in uploads/gravity_forms/tmp but nothing there to be honest. Any other tips? I have done all the password changes but something remains here somewhere. Thanks for your time.

Hi – Are you the guy who hacked our client’s website?

I’m intrigued – are you not a supporter of ISIS?

I would really like to interview you!

This just happened to my site and we are not using Gravity Forms. Overall it seems pretty innocuous, but I am just curious how it was accomplished. All that was done was a single post was edited. I can see the edit in the revision history, but it has no associated user. No files were modified.

