[SAC] [Hosting] web2.osuosl.org (shared web hosting server) security incident 2018-08-14

All,

Yesterday we had a security incident on one of our shared web servers (web2.osuosl.org). An unknown subject used a vulnerability in a WordPress plugin [1] installed on one of the sites to add a JavaScript injection into a few sites. We believe the attacker only used a script and never gained root on the machine. We went through all of the affected sites and restored all files to their previous known good backup version and also updated the aforementioned plugin to the latest version. There doesn’t seem to be any indication that any user information was taken or used.

As an additional safeguard, we went ahead and enabled SELinux in enforcing mode on this machine. We’ve been working towards getting that enabled on our public-facing servers for a while and this just made it more apparent that we need to get that done sooner. We started work on getting this enabled through our various services today and hope to have it fully enabled on more servers in the coming weeks.

If you have any questions or concerns, please let us know.

Thanks-

[1] https://twitter.com/umplugin/status/1028911823712530437

Lance Albertson

Director
Oregon State University | Open Source Lab