So, Cowthulu got hacked! First I heard of it was a friend telling me that she’d been emailed about two posts that were just strings of letters and numbers (or GUIDs — unique, randomly generated values).
I’ve spent the last day or two cleaning things out (along with some assistance from my host provider) and tightening up my security. I think that they got into the site via a plugin that hadn’t been updated (Essential Addons for Elementor), but it could have also just been something more boring, like hacking my password (which was good, but not awesome).
They added a new user account, a bogus theme and a ton of various back-end PHP files.
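Those three artifacts (an extra account, a theme you never installed, PHP dropped where it has no business being) are exactly what a site owner can check for on a schedule, rather than waiting for the intruder to announce themselves with junk posts. The following script is an added example, not code from this post or from WordPress; it assumes the standard `wp-content/themes` and `wp-content/uploads` layout, that you keep an allow-list of the themes and accounts you created yourself, and that you pass in the user list separately (for example, exported from the database), since users do not live on disk. The demo site it builds in a temp directory is constructed for illustration.

```python
from __future__ import annotations

import os
import tempfile
import time
from pathlib import Path


def php_files_under_uploads(root: Path) -> list[str]:
    """wp-content/uploads should hold media only; any .php there is a red flag."""
    uploads = root / "wp-content" / "uploads"
    if not uploads.is_dir():
        return []
    return sorted(str(p.relative_to(root)) for p in uploads.rglob("*.php"))


def files_modified_since(root: Path, since_epoch: float) -> list[str]:
    """Every file changed after the last time you deliberately touched the site."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file() and p.stat().st_mtime > since_epoch:
            hits.append(str(p.relative_to(root)))
    return sorted(hits)


def unknown_themes(root: Path, known: set[str]) -> list[str]:
    """Theme directories that are not on your own allow-list."""
    themes = root / "wp-content" / "themes"
    if not themes.is_dir():
        return []
    return sorted(d.name for d in themes.iterdir() if d.is_dir() and d.name not in known)


def unknown_users(users: list[str], known: set[str]) -> list[str]:
    """Accounts in the site's user list that you did not create."""
    return sorted(u for u in users if u not in known)


def audit(root: str, known_themes: set[str], known_users: set[str],
          users: list[str], since_epoch: float) -> dict[str, list[str]]:
    """Run all four checks and return the findings keyed by check name."""
    base = Path(root)
    return {
        "php_in_uploads": php_files_under_uploads(base),
        "modified_since": files_modified_since(base, since_epoch),
        "unknown_themes": unknown_themes(base, known_themes),
        "unknown_users": unknown_users(users, known_users),
    }


def build_demo_site() -> tuple[str, float]:
    """Constructed sample install (assumption, not a real site): a clean theme and
    a clean image dated 30 days ago, plus a rogue theme and a PHP file in uploads
    added 'today'. Returns the install path and the baseline timestamp."""
    root = Path(tempfile.mkdtemp())
    baseline = time.time() - 30 * 86400
    clean = [
        "wp-config.php",
        "wp-content/themes/twentytwentyone/style.css",
        "wp-content/uploads/2024/photo.jpg",
    ]
    for rel in clean:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("clean\n")
        os.utime(p, (baseline, baseline))  # pretend these were last touched at baseline
    planted = [
        "wp-content/uploads/2024/wp-cache.php",      # constructed name for a dropped PHP file
        "wp-content/themes/bogus-theme/index.php",   # constructed rogue theme
    ]
    for rel in planted:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // planted for the demo\n")
    return str(root), baseline + 1


if __name__ == "__main__":
    site, since = build_demo_site()
    # "admin" is the only account we created; "wp-support" is a constructed extra one.
    findings = audit(site, {"twentytwentyone"}, {"admin"}, ["admin", "wp-support"], since)
    for check, items in findings.items():
        print(f"{check}: {items}")
```

The mtime check is the weakest of the four, because an attacker who cares can reset timestamps; the uploads and theme checks compare against what you know you put there, which is harder to fool. Run it from cron and alert on any non-empty list.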
Of course, if they hadn’t created the blog posts, it would have likely been a few weeks (or longer) before I noticed. So why did they do that? My theory is that they are looking for sites that are basically abandoned, so that they can tie them into botnets or some other nefarious plan. By generating the blog posts, they were basically saying “if you don’t fix this, we know we can use this easily.” Or it might have been part of an automated hacking mechanism. Or maybe they were just idiots.
Anyway, I think that the site is now clean and secure. I’ve locked up a bunch of things, cleaned out all of their junk, etc. If I were a proper hacker myself, I’d now turn around and break into their ultra-secret headquarters, then drop in on wires from the ceiling and pwn all their stuff. But since I’m about as 1337 as a pancake, I’ll probably just go watch the sunset.
I feel useful!