Critical 'backdoor attack' warning issued for 60 million wordpress users

Neon Ghost

According to WordPress, over 60 million people have chosen the software to power their websites. An ongoing "backdoor attack" is trying to compromise as many of them as possible. Here's what you need to know.
What do WordPress website owners need to know?
A website hacking campaign, which has been ongoing since July, has morphed from redirecting browsers to sites containing dodgy adverts or malicious software into something that is potentially even more problematical. Mikey Veenstra, a researcher with the Defiant Threat Intelligence team, said that "the campaign has added another script which attempts to install a backdoor into the target site by exploiting an administrator’s session."
In a warning posted to the WordFence security blog on August 30, Veenstra revealed that a malicious JavaScript dropped into compromised websites looks to "create a new user with administrator privileges on the victim’s site." If a logged-in administrator is identified as viewing the infected page, it then goes on to make an AJAX call via jQuery, one that creates a rogue administrator account.
"This AJAX call creates a user named wpservices with the email [email protected] and the password w0rdpr3ss," Veenstra said, "with this user in place, the attacker is free to install further backdoors or perform other malicious activity."

How are the attackers getting access to your website?
As is often the case where WordPress site compromise is concerned, the threat actors behind the current attack campaign leverage vulnerabilities in third-party WordPress plugins. The official WordPress website states that there are some 55,133 plugins available at the moment. According to an Imperva report looking at web application vulnerabilities, only 3% of these were newly added during 2018. This means that there are a lot of old plugins out there, and likely still in use, which haven't been updated for a while. Given that in the report Imperva revealed "98% of WordPress vulnerabilities are related to plugins," the extent of the problem is easy enough to grasp.
Meanwhile, Veenstra stated that the plugins that are under attack currently had been identified as follows:
Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-booking, nd-travel, nd-learning)
If you are a WordPress-powered website owner using any of these plugins, then you are advised to check you have the latest updated versions. Follow the links above to check on update status, as most of these have already been patched. However, Veenstra warned that "it’s reasonable to assume any unauthenticated XSS or options update vulnerabilities disclosed in the near future will be quickly targeted by this threat actor."
How can you best mitigate WordPress website threats?
"As always, updating the plugins and themes on your WordPress site is an excellent layer of defense against campaigns like these," Veenstra said, "check your site for needed updates frequently to ensure you’re receiving the latest patches as they’re released."
Ethical hacker John Opdenakker says that it's "best to combine several layers of protection," so as well as those plugin update checks he says, "it’s certainly a good idea to use a web application firewall to help block cross-site scripting (XSS) attacks."
I would add that using two-factor authentication for admin access to the WordPress website isn't optional these days; it's a must-have.
This advice applies to all website owners that have taken the WordPress route to content publishing, not just the most popular or the big names online. Don't think that just because you are a little fish in a big pond that the cybercrime sharks won't bite you; they will. Criminals are always probing sites for ways to compromise them, either to use for serving malicious adverts, redirecting to other malicious websites or to get a foothold that can be leveraged as part of a bigger attack plan.
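For site owners who want to check for the rogue administrator account described in the quoted warning, the following is an added example and not part of the original post or of Wordfence's tooling. It audits the JSON produced by `wp user list --role=administrator --format=json --fields=ID,user_login,user_email,user_registered`; the approved-administrator list, the baseline date and the sample export are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# Account name the quoted warning says the injected script creates.
IOC_LOGINS = {"wpservices"}

def audit_admins(wp_cli_json, approved_logins, baseline):
    """Return [(login, [reasons])] for administrator accounts that need review.

    approved_logins: administrators you expect to exist (assumed to be maintained by you).
    baseline: datetime of your last known-good review of the user table.
    """
    approved = {name.lower() for name in approved_logins}
    findings = []
    for user in json.loads(wp_cli_json):
        login = user["user_login"].strip().lower()
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login in IOC_LOGINS:  # flagged even if someone added it to the approved list
            reasons.append("login matches campaign indicator")
        if login not in approved:
            reasons.append("not on approved administrator list")
        if registered > baseline:
            reasons.append("registered after baseline")
        if reasons:
            findings.append((user["user_login"], reasons))
    return findings

# Constructed sample export (not real data); e-mail addresses are placeholders.
SAMPLE_EXPORT = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2017-03-02 09:15:00"},
    {"ID": 7, "user_login": "wpservices", "user_email": "placeholder@example.com",
     "user_registered": "2019-08-29 04:41:12"},
    {"ID": 5, "user_login": "old-contractor", "user_email": "dev@example.com",
     "user_registered": "2018-11-20 16:30:45"},
])
APPROVED = ["siteowner"]
BASELINE = datetime(2019, 7, 1)  # assumed date of the last clean review

if __name__ == "__main__":
    for login, reasons in audit_admins(SAMPLE_EXPORT, APPROVED, BASELINE):
        print(f"REVIEW {login}: {'; '.join(reasons)}")
```

A flagged account is a prompt to investigate, not proof of compromise; a clean result does not rule out other backdoors installed after the account was created.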