The Heritage Society website and server recently recovered from a large attack from a Japanese scamming organization. The WordPress install running on the society’s servers was compromised, and had fraudulent shopping sites and scam operations running off of the mhsheritage.org domain.
Our uptime monitors began indicating a fault on the 15th of July. This appears to have been a cloaking attack, as no change was visible to normal users of the site or the archives. Google search however was severely affected, with hundreds of fake Japanese pages being displayed under the Heritage Society name (see title image). After numerous hours of troubleshooting and re-installing core files, we were able to cease the attack. Our website has now been sent to google for priority crawling, so these fraudulent sites will disappear from google search results within the next week or two.
I was able to trace an individual gaining access to our google search console, which likely may have been part of the attack. This form of hack has luckily been widely documented, however the solution that worked for our instance has not been published online.
A forced re-install of all core wordpress files was the remedy in our case. It leads me to believe that malicious code was somehow injected into the wordpress install, which allowed the attackers to host their content on our servers. Fortunately none of the key design and theme files were affected, meaning we could retain the hours of user experience work that went into this website’s design.
We have also upgraded our server hardware with greater storage in the form of Solid State Drives. This upgrade means increased room for expansion, and significantly increased loading speeds. This will allow more partnerships between the society and other clubs (similar to the upcoming announcement of our partnership with the Writing Interest Group), and enable us to share our web infrastructure with other groups at Melbourne High School.
Leave a Reply