@snow I mean, as @soatok said, since the server is dead it's not possible to say what it actually was, but it seems equally likely to me that it was an accidental misconfiguration (not necessarily in wordpress specifically) as it is to be a vulnerability that's well-known enough to be opportunistically exploited but wasn't patched in a fully-updated version. Everyone has accidentally messed up a server in some way before, it's unfortunately pretty easy to do
@soatok
https://tilde.zone/@nytpu/113524374644939837
@nytpu @snow Yeah, I've deployed shit and had it immediately hacked before, and had no idea on how they got in. I hadn't even SSH'd in and installed git yet.
My best guess for that incident? […]
────
────