Wordfence reports about a recent surge in cross-site scripting (XSS) attacks targeting approximately 900,000 WordPress websites. The attacks peaked at 30 times the typical daily volume between April 28, 2020, and May 3, 2020, and they are based on the exploitation of known and already fixed vulnerabilities. Wordfence has recorded a large scale of launching points, with 24,000 distinct IP addresses being involved in this campaign. A common indicator of compromise in all cases would be the “hjt689ig9” or “trackstatisticsss” strings, while the most active IP addresses were “185.189.13.165,” “198.154.112.83,” and “89.179.243.3.”

As it becomes obvious from the above, defending against this large-scale campaign would be as easy as updating all of your WordPress themes and plugins while also removing those that are no longer supported by their authors. Sure, this could affect their functionality, break something on the site, or deprive you of features that are no longer available in the newest versions. Still, these drawbacks aren’t enough to make risking your site’s security worth it.

The actors in this campaign are injecting a malicious PHP backdoor in the theme’s header file, then they plant JavaScript, and fetch additional payloads from “trackstatisticsss.” By doing this, they hope to gain full control over the website, change its contents, embed web shells, create new admin users, or simply delete the site. The JavaScript is rechecking if the WordPress website is infected every 6,400 seconds – and if it’s not, it attempts to reinfect it.

Source: https://www.technadu.com/surge-attacks-wordpress-sites-importance-updates/101084/

World news – GB – A Surge in Attacks on WordPress Reminds Us Updates’ Importance

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here