Its hard to ignore the current disputes between ISIS and the rest of the world. Every news program and social feed contains links to videos and articles about this horrible ordeal, and it looks like its now also spread to the digital world.
I was messaged by a customer who said that their website had been hacked. When I visited the website I was greeted by the message;
Hacked BY MuhmadEmad ./we are peshmarga
MuhmadEmad seems to just be the persons name, but peshmarga (peshmerga) is a term used by Kurds to refer to “Armed Kurdish Fighters” which – as far as I can work out – should be people on our side, so im really confused as to why they would hack a little wordpress website that has nothing to do with this conflict.
I’m still looking into exactly what happened but it seems to have been a Gravity Forms exploit of some description – some files within uploads/gravity_forms/tmp were VERY dodgy so they’ve been downloaded for closer inspection and removed from the site.
Ive also updated all the plugins, themes and the wordpress core. Passwords for all wordpress user accounts, FTP and MySQL users changed too.
If you’re having trouble with a hacked website then contact me through twitter or something and ill help as best I can.