• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News

Hackers deface thousands of website by exploiting WordPress vulnerability

February 8th, 2017 Ryan De Souza Hacking News, Security 0 comments
Hackers deface thousands of website by exploiting WordPress vulnerability
Share on FacebookShare on Twitter

WordPress vulnerabilities which were discovered recently have been negatively and sometimes fatally affecting countless websites thus far. Initially, there were three flaws (identified about two weeks back) for which WordPress has already released security updates. However, we later learned that there was another huge vulnerability that allowed cyber-criminals to obtain unauthorized remote access to manipulate WordPress sites by editing or even deleting pages. This vulnerability was disclosed by the security firm, Sucuri.

It must be noted that after the release of WordPress 4.7.2 in January 2017, the CMS/content management system’s developers revealed that the latest version contained all the necessary patches to fix the three previously identified flaws, namely SQL injection, cross-site scripting (XSS), and access control concerns.

Must Read: 10 Ways to Protect Your WordPress Site You Didn’t Know About

However, a week later, developers claimed that there was another flaw for which a patch was also included in the latest version update. This flaw was quite dangerous as it allowed cyber-criminals to gain administrator privileges. This was a content injection vulnerability which affected the REST API. The site admins had a week to patch the flaw but failed to update their sites. Last week, Sucuri disclosed the flaw; sending hackers into overdrive to capitalize on mistakes made. Thousands of sites have since been hacked with all their home pages carrying “Hacked By” messages.

Sucuri stated that hackers had compromised not hundreds but thousands of websites due to the availability of unpatched websites in such large quantity. The firm further stated that it was the delay in patches being implemented which resulted in such a large number of pages being affected.

Sucuri did inform WordPress about the vulnerability and a patch was included in the recent release from the company, but apparently, admins of the sites did not update their sites manually; perhaps they were relying on the automated updating feature, which unfortunately wasn’t working. Within 48 hours, hackers had started exploiting the flaw.

According to Sucuri, four different hacking groups were involved in the latest hack campaign involving WordPress websites. The exploitation is being conducted across the globe and there are apparently four campaigns running simultaneously against unpatched WordPress sites. One of the groups has managed to compromise over 66,000 pages while two groups have compromised 500 pages.

The company was able to make the assumption that there are four or maybe more perpetrators of the crime because they have identified various IP addresses. W4l3XzY3 and Cyb3r-Shia are believed to be the groups conducting mass attacks. Sucuri has suggested that users must block following four IP addresses immediately: 176.9.36.102, 185.116.213.71, 134.213.54.163, 2a00:1a48:7808:104:9b57:dda6:eb3c:61e1.

The IP address 37.237.192.22 is believed to belong to the hacker, so it is better that users block this one too. Two different hackers By+NeT.Defacer and By+Hawleri_hacker are using the same IP address, 144.217.81.160.

[fullsquaread][/fullsquaread]

Also Read: Program Languages That Generate Most Software Security Bugs

According to SecurityWeek, there is a fifth hacking group involved too, but all the actors participating in the exploitation of the unpatched sites are mostly novices trying to boost their popularity online. However, security experts fear that the flaw will be used to perform search engine poisoning. As CTO and founder of Sucuri Daniel Cid pointed out: “There’s already a few exploit attempts that try to add spam images and content to a post. Due to the monetization possibilities, this will likely be the #1 route to abuse this vulnerability.”


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Cyber Crime
  • hacking
  • internet
  • security
  • Vulnerability
  • Wordpress
Facebook Twitter LinkedIn Pinterest
Previous article Mac malware from Iran targeting US defense industry, human rights activist
Next article Retail Giant Sports Direct Suffered Data Breach Affecting 30,000 Employees
Ryan De Souza

Ryan De Souza

Ryan is a London-based member of the HackRead's Editorial team. A graduate of Maths and physics with a passion for geopolitics and human rights. Ryan places integrity at the pinnacle of successful journalism and believes this is somewhat lacking in traditional media. Ryan is an educator who balances his time between family, social activism and humanitarian causes and his vice is Football and cars.

Related Posts
SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Massive privacy risk as hacker sold 2 million MyFreeCams user records

Massive privacy risk as hacker sold 2 million MyFreeCams user records

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Man jailed after attempting to buy 3-year-old girl on dark web
Cyber Crime

Man jailed after attempting to buy 3-year-old girl on dark web

96
SonicWall hacked after 0-day flaws exploited by hackers
Hacking News

SonicWall hacked after 0-day flaws exploited by hackers

120
Massive privacy risk as hacker sold 2 million MyFreeCams user records
Cyber Crime

Massive privacy risk as hacker sold 2 million MyFreeCams user records

162

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us