Another one, exactly the same way, but with a different IP, hit another site I look after. Sheesh!

The Wordfence Web Application Firewall has blocked 114 attacks over the last 10 minutes. Below is a sample of these recent attacks:
April 30, 2020 11:24pm xxx.xx.xx.xxx (Poland) Blocked for Directory Traversal - wp-config.php in query string: file=../../../../../../wp-config.php
Wordpress Related News
- LMD
- Contributing Member
- Posts: 1188
- Joined: Sat Jan 04, 2020 4:40 pm
- Reputation: 596
- Location: Somewhere north of the 49th parallel.
Re: Wordpress Related News
Here's one I don't see that often.
- LMD
Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
More here at the Wordfence blog: https://www.wordfence.com/blog/2020/05/ ... e=hs_email

Detailing active exploitation of vulnerabilities in two related plugins: Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity.
Last edited by J. H. Rasmussen on Thu May 07, 2020 8:42 pm, edited 1 time in total.
Reason: Moved post to thread Wordpress Related News.
- LMD
Re: Wordpress Related News
And yet another security issue with yet another plugin...

More on this here: https://www.wordfence.com/blog/2020/05/ ... i=87716683

Moments ago, our Threat Intelligence team published a report detailing vulnerabilities found in the “Page Builder by SiteOrigin” plugin, which is installed on over 1 million WordPress sites.
These two flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in that administrator’s browser.
- LMD
Re: Wordpress Related News
I'm not a reseller, just a user of the plugin. So I get these notices when there are "up-ticks" in threats, or specific plugins that can be, or are, compromised and should be either updated (if the authors are aware and have updated their plugin) or removed (if the authors are lazy or not responsive to maintaining their free plugins). Of the sites I manage, there are about 4 that are regular targets of failed login attempts, password recovery attempts, and sometimes some nasty other things like this, which is one example of the multiple attempts to hack:

The Wordfence Web Application Firewall has blocked 101 attacks over the last 10 minutes. Below is a sample of these recent attacks:
May 10, 2020 4:21pm 94.23.103.179 (Czech Republic) Blocked for Directory Traversal - wp-config.php in query string: file=../../../../../../wp-config.php

Unless these clients that are being targeted are visiting questionable sites, have compromised systems, or something else I am not privy to, the random attacks can seemingly appear very focused. Normally when these attacks take place, the offending IPs are blocked for 2 months (which is the maximum default block), unless I manually block each IP forever, but I'm not paid enough for that level of scrutiny.

Maybe the paid plugin allows for more IP blocking options. :shrug:

Anyhow, this just came in:

More on this: https://www.wordfence.com/blog/2020/05/ ... i=87850880

This morning the Wordfence Threat Intelligence Team published an update about an intensifying attack campaign. The number of attacks from this single threat actor is outpacing all other attacks on WordPress vulnerabilities, combined.
You can find details of this campaign, its growth, malware payloads and indicators of compromise on the official Wordfence blog.
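The two Wordfence notices quoted in this thread (the April 30 one in the first post and the May 10 one above) show the same probe: a `file=` query parameter climbing with `../` to reach wp-config.php. As an added example, not code from the forum, from Wordfence, or from WordPress, here is a small Python detector that does what the WAF rule is doing: it parses constructed access-log lines in combined format, percent-decodes each query value until stable (so double-encoded `%252e%252e%252f` and backslash variants collapse to `../`), flags values that name a sensitive file or climb several directories, and then counts hits per source IP in a ten-minute window so a burst like "101 attacks over the last 10 minutes" stands out. The log lines, the IP addresses (documentation ranges), the sensitive-file list and the thresholds are all assumptions for the example.

```python
"""Detect directory-traversal probes (e.g. file=../../../../wp-config.php) in access logs.

Added example, not code from the forum post, Wordfence or WordPress. Sample log
lines below are constructed; IPs come from the documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl, unquote, urlsplit

# Basenames an attacker reaches for once traversal works (assumption: typical WordPress host).
SENSITIVE_BASENAMES = {"wp-config.php", ".htaccess", ".env", "passwd", "shadow"}

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample traffic: one noisy scanner, one mostly benign visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2020:16:21:03 +0000] "GET /index.php?file=../../../../../../wp-config.php HTTP/1.1" 403 153
203.0.113.7 - - [10/May/2020:16:21:04 +0000] "GET /index.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 153
203.0.113.7 - - [10/May/2020:16:21:05 +0000] "GET /index.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 403 153
203.0.113.7 - - [10/May/2020:16:21:06 +0000] "GET /download.php?path=..\\..\\..\\wp-config.php HTTP/1.1" 403 153
203.0.113.7 - - [10/May/2020:16:21:07 +0000] "GET /index.php?file=../../../../etc/passwd HTTP/1.1" 403 153
198.51.100.9 - - [10/May/2020:16:22:00 +0000] "GET /wp-content/themes/x/style.css?ver=5.4 HTTP/1.1" 200 8831
198.51.100.9 - - [10/May/2020:16:30:11 +0000] "GET /index.php?file=../../../../../../wp-config.php HTTP/1.1" 403 153
"""


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so %252e%252e%252f -> ../"""
    for _ in range(rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s


def is_traversal(value: str) -> bool:
    """True if the decoded value names a sensitive file or climbs three or more directories.

    Backslashes are normalised to '/' first so Windows-style probes are caught too.
    A single '../img.png' is left alone: one climb with a harmless basename is common.
    """
    v = fully_decode(value).replace("\\", "/")
    segments = [seg for seg in v.split("/") if seg]
    climbs = segments.count("..")
    base = segments[-1].lower() if segments else ""
    return base in SENSITIVE_BASENAMES or climbs >= 3


def scan_line(line: str):
    """Return an event dict for a traversal attempt in this log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl decodes one layer of percent-encoding; fully_decode handles the rest.
    hits = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if is_traversal(v)]
    if not hits and not is_traversal(parts.path):
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "params": hits, "raw": m.group("target")}


def scan_log(text: str):
    """All traversal events in a log, in file order."""
    return [e for e in (scan_line(line) for line in text.splitlines()) if e]


def burst_sources(events, window=timedelta(minutes=10), threshold=5):
    """IPs whose traversal hits inside any sliding `window` reach `threshold`, with the peak count.

    This is the rate rule a WAF applies before auto-blocking a source.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        lo, best = 0, 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    evs = scan_log(SAMPLE_LOG)
    for e in evs:
        print(e["ts"].isoformat(), e["ip"], e["raw"])
    print("sources over threshold:", burst_sources(evs))
```

Run it against a real combined-format log by replacing `SAMPLE_LOG` with the file contents; the decode-until-stable step is the part worth keeping, since a single `unquote` misses the double-encoded variant that scanners use to slip past naive string matching.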
-
- Administrator
- Posts: 1786
- Joined: Fri Nov 08, 2019 12:44 am
- Latest blog post: Have You Read the Webmaster Guidelines Yourself?
- Reputation: 987
- Location: Canada
WordPress 5.4.2 Security and Maintenance Release
Time to make sure your WordPress install auto-updated (if you set it to do that) and make sure your plugins are compatible:

June 10, 2020
Continued: WordPress 5.4.2 Security and Maintenance Release

WordPress 5.4.2 is now available!
This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.
If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.
- Administrator
KingComposer patches XSS flaw
If your WordPress site uses the KingComposer plugin, it has an XSS flaw that needs to be fixed:

July 10, 2020
Read more here: KingComposer patches XSS flaw impacting 100,000 WordPress websites

A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin.
KingComposer is a drag-and-drop page builder for WordPress-based domains that removes the need to program or directly code websites powered by the content management system (CMS)...
The vulnerability could be exploited to execute malicious payloads in visitor browsers.
- Administrator
Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
If you are using a SiteSpeed plugin on your WordPress site, you had better read this to make sure you are not using the fake one serving malicious ads and backdoors:

Source: https://securityboulevard.com/2020/07/f ... backdoors/

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites.
During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities...
Last edited by J. H. Rasmussen on Thu Jul 16, 2020 8:34 pm, edited 1 time in total.
Reason: Added what i assume was the source link.
- Administrator
WordPress plugin Comments – wpDiscuz
If you are using the wpDiscuz plugin in your WordPress installation, you need to read this and patch it:
July 29, 2020
Critical Security Flaw in WordPress Plugin Allows RCE
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers.
Comments – wpDiscuz enables WordPress websites to add custom comment forms and fields to sites, and serves as an alternative to services like Disqus. Researchers with Wordfence, who discovered the flaw, have notified the plugin’s developer, gVectors, which issued a patch on July 23...
- Administrator
Re: Wordpress Related News
WordPress 5.5 is now available:

August 11, 2020
WordPress 5.5 “Eckstine”

In WordPress 5.5, your site gets new power in three major areas:
speed, search, and security.
- Administrator
Re: Wordpress Related News
If you are using the Quiz and Survey Master plugin on your WordPress site, have a look at this notice:

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks – including fully taking over vulnerable websites.
The plugin, Quiz and Survey Master, is actively installed on over 30,000 websites. The two critical flaws discovered by researchers include an arbitrary file-upload vulnerability, ranking 10 out of 10 on the CVSS scale; as well as an unauthenticated arbitrary file deletion error, ranking 9.9 out of 10. A patch is available for both issues in version 7.0.1 of the plugin, said the researchers with Wordfence who discovered the flaws, in a Thursday post...