WordFence Security released a post back on February 2 that detailed their findings on a sophisticated exploit against WordPress sites. We have discussed the importance of proper WordPress security on our blog several times in the past. See the links below to review those articles.
You can see the video that WordFence created here.
This exploit can be used to load 47 tools to further compromise the affected web site. These tools allow the attacker to do the following:
- Launch attack shells that let attackers manage the file system.
- Access the database through a well designed SQL client.
- View system information.
- Mass infect the system.
- Perform a Denial of Service attack on other systems.
- Find and infect all Content Management Systems.
- View and manage user accounts both on CMS’s and the local operating system.
- An FTP brute force attack tool.
- A Facebook brute force attack tool.
- A WordPress brute force attack script.
- Tools to scan for config files or sensitive information.
- Tools to download the entire site or parts of the site.
- The ability to scan for other attackers shells.
- Tools to change site configuration files to host malicious code.
WordFence also reported on the Aethera botnet that is attempting to brute force the passwords for WordPress sites.
You can find a more technical explanation of the underling PHP code base used in the attack in a recent article on Naked Security.
I have tried WordFence, Sucuri, and BulletProof on different sites, and WordFence is my favorite. They all have advantages. Sucuri, for instance, runs on other CMS websites. My recommendation for WordPress site owners and developers is to install one of these fine plug-ions to every WordPress site you own or manage, and keep stuff like this from happening in the first place.
- WordFence – An Attack Platform Infecting WordPress Sites
- WordFence – Aethera Botnet
- Naked Security – PHP ransomware attacks blogs, websites
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com