[Hosting] web2.osuosl.org (shared web hosting server) security incident 2018-08-14

[Lance Albertson <la...@osuosl.org>]

All,

Yesterday we a security incident on one of our shared web servers (
web2.osuosl.org). An unknown subject used a vulnerability in a WordPress
plugin [1] installed on one of the sites to add a javascript injection into
a few sites.  We believe the attacker only used a script and never gained
root on the machine. We went through all of the affected sites and restored
all files to their previous known good backup version and also updated the
aforementioned plugin to the latest version. There doesn't seem to be any
indication that any user information was taken or used.

As an additional safeguard, we went ahead and enabled SELinux in enforcing
mode on this machine. We've been working towards getting that enabled on
our public facing servers for a while and this just made it more apparent
that we need to get that done sooner. We started work on getting this
enabled through our various services today and hope to have it fully
enabled on more servers in the coming weeks.

If you have any questions or concerns, please let us know.

Thanks-

[1] https://twitter.com/umplugin/status/1028911823712530437

-- 
Lance Albertson
Director
Oregon State University | Open Source Lab