SF defaced?

[Vaximillian]

Pic related, I guess:

It was a post about FE Heroes release celebration event.

Edited February 5, 2017 by Jyosua
Let's not give this guy undue credit.

[Jeheza]

Was just about to make a topic out of this. I actually hope this could be a drunk prank by VincentASM and nothing too serious

[Peppy]

Feels quite unsettling that this happened...

[Cornguy]

Its a prank of some sort for sure. I don't think VincentASM would do something so tasteless, but maybe someone left their tab open and a jokester thought this would be funny? At least I hope that's what happened, a lot less scary than someone actually stealing paswords from this site.

[fruits_punchsamurai]

NOT A prank by someone at SF. SF was legitimately hacked.

This is a thing that has affected a lot of other niche and blog sites. Google the hack name and lots of sites pop up.

If you search the name MuhmadEmad in YouTube , it pulls up a list of instructional hacking videos published by the guy under his YouTube handle.

 

Edited February 5, 2017 by fruits_punchsamurai

[Jyosua]

There was a privilege escalation bug in some of the more recent versions of wordpress. They disclosed the existence of it during a recent update that I hadn't noticed until now... which led to this guy hopping from site to site exploiting it. We've theoretically patched the loophole now.

I will say that I don't think it's a particularly good idea to disclose a serious bug like that so soon. Kinda mad they did that.

[Jyosua]

I did some follow-up investigation and it does appear that this was indeed the exploit used. It happens. It was a zero-day exploit and the update patch has only been out for about a week. I happened to have been busy the past week, so I didn't notice.