Taoscopy has been hacked

Published: Monday, 14 October 2019

Photo by Jilbert Ebrahimi on Unsplash

When I started building taoscopy.com, security was an important aspect of it. I have used a program named fail2ban that would help me detect and prevent attacks from the outside.

Alas, it was many years ago, and I did not notice that fail2ban had stopped functionning, probably after an update that made it incompatible with the previous configuration I had done.

However, my site stayed safe because I used only a few trusted plugins for Wordpress. Recently though I added two new plugins, one for the design named Oxygen, and since my site had become to run very slowly I added a cache plugin named Autoptimize. While the hackers may have simply guessed my password from a brute force attack, it is also possible that they have used one of these plugins.

Fortunately, instead of going stealthy about it, the hackers have modified an essential file in my site and merely broke it, and that called my attention. At first, I thought it was a bad update, and made a few manual fixes without noticing the hack, but a few days later I discovered that Taoscopy has been compromised!

As a result, I have naturally taken the site offline and rather than repair it, I have decided to make a new one instead, that would use newer technologies and probably be more secure. The problem with Wordpress is that we don't know exactly what the site is doing, where it sends data, and there are a number of security issues, such as the database passwords clear visible once the administrator login is obtained.

Now the new site is up, you might have noticed that it is much much faster than the previous one. It is also more secure since I have restored fail2ban and updated it to match the attacks of today

Most of the functionalities have been restored, the consultation button has been moved to the right but I am sure you have found it. All in all it was a necessary move, because the site was too slow anyway, and this attack gave me a good reason to do it. Sorry for the inconvenience it may has caused to you, and I hope that you will enjoy the new site.

Replies

Please login to reply