WordPress Bots infiltrate 20,000 sites, Infecting them to Attack Other Sites


The reputed security firm WordPress, which deals in site security solutions, has uncovered an attack on nearly 20,000 WordPress sites. These sites have been turned into attack bots and set to attack other sites. This is part of a large malware and hacking chain that should be a concern for internet security worldwide.

Hackers broke into secure Russian servers through almost 15,000 Russian proxy sites, using a command-and-control (C2) method. The C2 servers helped to hack into those 20,000 WordPress sites and turn them into “attack bots”.

These attack bots, in turn, used brute force to break into other WordPress sites. JavaScript would enable the hackers to procure a default username by name and a password, with which they could create a mirror account in case the default account crashes.


Fortunately, WordPress was able to detect the IPs and modules used by the miscreants from their background attack script. Authorities claim to have blocked the responsible sites using brute force protection techniques and secure firewall systems. WordPress has reported more than 5 million authentication attempts by these attackers. Thankfully, none of them succeeded, owing to timely response and detection by WordPress.
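Because the login attempts described above come from thousands of infected sites rather than one address, a per-IP limit alone can miss them. The following is an added example, not code from the article or from any vendor named in it: it counts failed `wp-login.php` POSTs per time window across all source IPs. The combined-log format, the thresholds, the function names and the rule that a 200 response to the POST means a failed login are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined-log prefix: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def failed_logins(lines):
    """Yield (timestamp, ip) for each failed wp-login.php attempt.
    Assumption: a POST answered with 200 is a failure (form shown again),
    while a successful login is answered with a 302 redirect."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def detect(lines, window_s=300, per_ip_limit=5, distributed_ips=10):
    """Return {window_start_epoch: alert} for windows that trip either rule.
    Thresholds are illustrative assumptions, not values from the article."""
    windows = defaultdict(lambda: defaultdict(int))
    for ts, ip in failed_logins(lines):
        windows[int(ts.timestamp()) // window_s * window_s][ip] += 1
    alerts = {}
    for start, per_ip in sorted(windows.items()):
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
        distributed = len(per_ip) >= distributed_ips  # many sources, few tries each
        if noisy or distributed:
            alerts[start] = {"noisy_ips": noisy, "distributed": distributed,
                             "sources": len(per_ip), "failures": sum(per_ip.values())}
    return alerts

def sample_log():
    """Constructed sample: 12 sources, 2 failures each, plus one successful login."""
    lines = [f'203.0.113.{i + 1} - - [01/Jan/2024:10:0{j}:{i:02d} +0000] '
             '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"'
             for i in range(12) for j in range(2)]
    lines.append('198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] '
                 '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    for start, alert in detect(sample_log()).items():
        print(start, alert)
```

On the constructed sample no single address exceeds the per-IP limit, yet the window is flagged because 12 distinct sources failed to log in within five minutes.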

Some WordPress plugins also pose security threats to the sites that use them. There was previously a major issue in the AMP (Accelerated Mobile Pages) plugins of WordPress. After its vulnerability was detected and analyzed by Dutch security analyst Sybre Waaijer, it was duly removed. The back-end data revealed the JavaScript loops the hackers used to break into the secure WP servers.

WordPress is now concentrating on reducing plugin bugs and strengthening its servers so that sites continue to use WordPress to customize their websites and data.
