The authors of the Joomla software announced that Joomla versions 3.4.4 through 3.6.3 have a critical security bug that allows “hackers” to take over a site by adding new administrative users (CVE-2016-8869).
The best solution for Joomla users is to update to version 3.6.4 immediately. However, we also added a rule to our servers this morning to block this attack. The rule should ensure that if you use our hosting service, hackers won’t be able to take advantage of this bug.
(And a tip o’ the hat to security researcher Melvin Lammerts, who published detailed technical information of the bug that allowed us to do this more quickly than usual.)