Stanford University Site Hosted Malware for Months

LASER_oneXM

...a quote from the article above:

For almost four months, script kiddies ran amok in one of Stanford's subdomains, installing web shells, mailers, and other types of web malware.

The infection was noticed last week by security researchers at Netcraft and was reported to Stanford admins, who recently cleaned their site.

The affected website belongs to the Paul F. Glenn Center for the Biology of Aging at Stanford University.

According to timestamps of the files surreptitiously uploaded to the hacked site, attackers appear to have compromised the site on January 31, 2017.


Multiple hackers broke in, used the site for phishing, spam

The hacker who initially breached the site uploaded a simplistic web shell. Once the website was compromised, other hackers seem to have flocked to the same server, like flies to a carcass.

The others that came afterward uploaded more complex web shells, and then started varying their portfolio.
 

tryfon

Who knows what the students downloaded while the site was compromised...
 
