On September 27, 2022, we discovered that several Justia WordPress blogs had been hacked. Affected sites display the message “magbo link magbo.cc Invite codes: 8U8VIGPTRP”.
We reached out to Justia first thing in the morning, but by the end of the business day, we were unable to get a response from them.
We have told clients who use Justia-hosted WordPress sites that everything is going to be OK. These things happen and are easily remedied.
At the end of the business day, we’ve seen some sites repaired and others not repaired, so if your law firm’s site appears to be hacked, we’d recommend telling Justia support ASAP.
Why did my site get hacked?
Attackers constantly scan the web, looking for security holes to exploit. WordPress blogs get defaced when attackers exploit a vulnerability such as an out-of-date theme, a vulnerable plugin, or an insecure database.
In this case, the attacker most likely discovered a way to inject text into the WordPress database via SQL injection. When this occurs, blog posts often end up with backlinks to something (such as an online casino) or with some other injected text. Here, the only damage done is some text.
We expect that Justia will simply fix the vulnerability and clean up your database, removing the “magbo” text.
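To confirm whether a page still shows the injected text after a cleanup, the check below scans saved page HTML for the marker strings quoted at the top of this post and reports whether each was found in the title or the body. It is an added example, not code from Justia or WordPress; the class and function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Marker strings taken from the defacement message quoted in this post.
MARKERS = ("magbo.cc", "magbo link", "8U8VIGPTRP")

class VisibleText(HTMLParser):
    """Collects title and body text, skipping <script> and <style> content."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # decodes entities like &#46;
        self.chunks = {"title": [], "body": []}
        self._skip = 0
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "title":
            self._in_title = True
        # Injected backlinks can sit in attributes, so scan those as well.
        for name, value in attrs:
            if name in ("href", "title", "alt") and value:
                self.chunks["body"].append(value)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if not self._skip:
            self.chunks["title" if self._in_title else "body"].append(data)

def find_defacement(html):
    """Return (location, marker) pairs for every marker present in the page."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    hits = []
    for location, parts in parser.chunks.items():
        # Collapse whitespace so a marker wrapped across lines or tags matches.
        text = re.sub(r"\s+", " ", " ".join(parts)).lower()
        hits += [(location, m) for m in MARKERS if m.lower() in text]
    return hits

# Constructed sample page (not a capture of any real site).
SAMPLE_HACKED = ("<html><head><title>Smith Law Blog</title></head><body>"
                 "<p>magbo link <a href='http://magbo.cc/'>magbo.cc</a> Invite\n"
                 "codes: 8U8VIGPTRP</p></body></html>")
```

Run `find_defacement` over a saved copy of each post or page; an empty list means none of the markers appear in the title, body text, or link attributes.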
Preventing WordPress Hacks:
While I would never use it, I am not against Justia’s hosted WordPress solution. With their setup, attorneys need not worry (much) about backing up and keeping WordPress up to date.
Of course, WordPress is a free Content Management System. You can always host it yourself for next to nothing. If you run a modern theme and keep it updated, there’s very little that can go wrong. We also recommend Wordfence for added security.