The magazine website was redirecting to the escort site for a number of hours, before being taken down entirely. Normal service was resumed later on Wednesday.
Marc Wickenden, technical director of penetration test outfit 4ARMED, who alerted them to the breach, told SCMagazineUK.com that it looked like the Drupal site had been compromised.
“CMS hacks aren't exactly big news but given the high-profile of the site and the fact that politicians and MPs are one of its big audiences it was kind of interesting to me," he told SC. "I haven't analysed the site it was redirecting to for malware but Google Safe Browsing etc don't report it as malicious.”
He said that, as most CMS hacked are “related to a known vulnerability in the software, or in a plug-in being used, even if the software itself is up-to-date”, keeping on top of patching is vital.
In this case, he noted that after the hack, the site was shown to be running on Drupal version 7.36, the latest version of the content management software, although he said that it was ‘odd' this was up to date when the version of PHP was not.
New Statesman representatives told SC that it was a "simple manipulation of directs", with "only" the front page affected. “No data was lost or personal information accessed. It was embarrassing, but superficial. We've fixed the affected module now.”
The issue was complicated by the fact the site was migrating to a new hosting environment at the same time.
In January, the magazine reported that more than 2.5 million unique users visited newstatesman.com.