HACKERS have targeted more than 1.6 million WordPress sites in a massive cyber attack.

Cyber security firm Wordfence say their researchers have detected an ongoing wave of attacks that originated from over 16,000 different IP addresses.

Hackers have attacked more than 1.6 million WordPress sites. Credit: Getty

The Wordfence Threat Intelligence Team said a surge in attacks over the last 36 hours targets security bugs in four WordPress plugins and 15 Epsilon Framework themes.

Wordfence claims to have blocked more than 13.7m attacks so far.

The four plugins being targeted are: Kiwi Social Share, WordPress Automatic, Pinterest Automatic and PublishPress Capabilities.

Researchers say the plugins are affected by “Unauthenticated Arbitrary Options update” vulnerabilities, reports Computing.

Hackers are also said to be targeting a “Function Injection” flaw in 15 Epsilon Framework themes to update arbitrary options.


One of the 15 themes currently does not have a patch available.

The targeted Epsilon Framework themes and vulnerable versions are:

  • Activello <=1.4.1
  • Allegiant <=1.2.5
  • Affluent <1.1.0
  • Shapely <=1.2.8
  • Antreas <=1.0.6
  • NewsMag <=2.4.1
  • Illdy <=2.1.6
  • Newspaper X <=1.3.1
  • MedZone Lite <=1.2.5
  • Pixova Lite <=2.0.6
  • Brilliance <=1.2.9
  • Transcend <=1.1.9
  • Regina Lite <=2.0.5
  • Bonkers <=1.0.5
  • NatureMag Lite – No patch available (recommended to uninstall from site)

Wordfence analysts say the hackers are changing the “users_can_register” option to “enabled” and setting the “default_role” option to “administrator” in most cases.

This allows the hackers to register as an administrator on a site and take it over.

The top three offending IPs include:

  • 144.91.111.6 with 430,067 attacks blocked
  • 185.9.156.158 with 277,111 attacks blocked
  • 195.2.76.246 with 274,574 attacks blocked

Website admins are urged to check whether their site has already been compromised by reviewing all user accounts and searching for any unauthorised additions.

Admins should delete any rogue additions as soon as possible.

They are also recommended to review the site’s settings at ‘http://examplesite[.]com/wp-admin/options-general.php’ and make sure the Membership setting (‘Anyone can register’) is only ticked if registration is intended and that ‘New User Default Role’ is not set to Administrator.
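The two checks above can be scripted. The following audit script is an added example written for this article, not code from Wordfence or from WordPress itself. It assumes WP-CLI (`wp`) is installed and is given the site root as its first argument; the option names (`users_can_register`, `default_role`) and the `wp option get`, `wp option update` and `wp user list` commands are real WordPress/WP-CLI features, but the helper function names and the sample CSV used when no site path is given are constructed for illustration. It goes slightly beyond the article by also flagging open registration that hands out any role above subscriber, not only administrator.

```shell
#!/usr/bin/env bash
# Audit a WordPress site for the takeover configuration described above:
# users_can_register switched on and default_role set to administrator,
# plus any administrator accounts registered after a cutoff date.
# Needs WP-CLI (`wp`) for the live checks; the helper functions are pure
# so they can be exercised without a WordPress install.
set -eu

# Returns 1 (unsafe) when the option values match the attack pattern,
# 0 otherwise. WordPress stores users_can_register as "1"/"0", not "enabled".
# Assumption (stricter than the article): administrator as default role is
# always unsafe, and open registration above subscriber is also flagged.
check_registration_options() {
    local can_register="$1" default_role="$2"
    if [ "$default_role" = "administrator" ]; then
        return 1
    fi
    if [ "$can_register" = "1" ] && [ "$default_role" != "subscriber" ]; then
        return 1
    fi
    return 0
}

# Reads CSV rows "ID,user_login,user_email,user_registered" (header first,
# as produced by `wp user list --format=csv`) on stdin and prints the rows
# registered on or after CUTOFF ("YYYY-MM-DD"). WordPress stores
# user_registered as "YYYY-MM-DD HH:MM:SS", so a plain string compare works.
# Assumes no field contains a comma (true for normal logins and e-mails).
recent_admins() {
    local cutoff="$1"
    awk -F, -v cutoff="$cutoff" 'NR > 1 && $4 >= cutoff { print }'
}

# Live audit against a real install. $1 is the site root, $2 an optional
# cutoff date (defaults to today; for this incident use the date the site
# was last known clean).
audit_site() {
    local path="$1" cutoff="${2:-$(date +%F)}"
    local can_register default_role
    can_register="$(wp option get users_can_register --path="$path")"
    default_role="$(wp option get default_role --path="$path")"

    if check_registration_options "$can_register" "$default_role"; then
        echo "[ok] users_can_register=$can_register default_role=$default_role"
    else
        echo "[!!] users_can_register=$can_register default_role=$default_role"
        echo "     remediate with:"
        echo "     wp option update users_can_register 0 --path=$path"
        echo "     wp option update default_role subscriber --path=$path"
    fi

    echo "administrators registered on or after $cutoff:"
    wp user list --role=administrator \
        --fields=ID,user_login,user_email,user_registered \
        --format=csv --path="$path" | recent_admins "$cutoff"
}

if [ "$#" -gt 0 ]; then
    audit_site "$@"
else
    # No site given: exercise the helpers on a constructed sample (not real data).
    sample='ID,user_login,user_email,user_registered
1,admin,admin@example.com,2019-03-02 10:00:00
57,hzx8,hzx8@example.net,2021-12-09 04:12:51'
    check_registration_options 1 administrator || echo "[!!] sample options match the takeover pattern"
    echo "sample administrators registered on or after 2021-12-01:"
    printf '%s\n' "$sample" | recent_admins 2021-12-01
fi
```

Run it as `./wp-audit.sh /var/www/site 2021-12-01` to check a live install; any administrator row it prints that you did not create should be removed with `wp user delete <ID> --reassign=<trusted ID>` after you have reset the options. Note that the script only confirms the symptoms of this campaign; a site whose options have been tampered with should also have its plugins and themes updated and its files reviewed for other changes.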

UPDATE PLUGINS ASAP

All plugins and themes on a WordPress site should also be updated as soon as possible.

In 2019, Mailgun’s website was attacked by hackers who targeted a WordPress plugin called Yuzo Related Posts.

The cybercriminals added code into sites which redirected visitors to a malicious website.

In the same year, hackers exploited a flaw in the plugin Social Warfare to attack websites.

The criminals injected JavaScript code into the social sharing links present on a website’s posts.

It was discovered in 2017 that a popular WordPress plug-in which had been installed on around 300,000 websites had been compromised with malicious code which opened a back door into the websites.

Attackers also breached the web-hosting firm GoDaddy last month and gained access to the information of nearly 1.2m active and inactive Managed WordPress customers.

The breach allowed the attackers to view customer numbers and email addresses, as well as the secure file transfer protocol (sFTP) and database passwords, and the database usernames of active customers.

The ongoing wave of attacks is said to have come from more than 16,000 IP addresses. Credit: Getty


This post first appeared on Thesun.co.uk
