So this website was pretty much free of trackers with one notable exception: the fonts provided by the Twenty Fifteen theme. By its use of the Google Fonts API, most visitors were still leaking data back to the great chocolate factory. However, as the fonts are open source, we’re free to use them outside of Google’s realm.
By now most people have gotten up to speed with the latest news regarding the attack against the Linux Mint infrastructure and the ripples it created within the Mint community. If not, here is yet another quick and superficial recap:
- The Linux Mint website was compromised.
- The Mint forum database containing 145k accounts was sold online.
- The Mint 17.3 Cinnamon edition was reassembled and bundled with malware.
The symptom is rather ominous: your wp-content/cache/supercache folder is suddenly populated by additional domain name folders having no connection to your website. What could have caused this? Has your website been compromised, or is there some reasonable explanation for this behavior?
What was supposed to be a quiet Saturday morning quickly turned into a couple of hours trying to mitigate an increasing strain on a WordPress-based site. After getting around 800 POST requests per minute to the WordPress xmlrpc.php file, resources for the site in question were getting sparse.