The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: WordPress

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

May 31, 2014Wang Wei
Multiple Serious vulnerabilities have been discovered in the most famous ‘ All In One SEO Pack ’ plugin for WordPress, that put millions of Wordpress websites at risk. WordPress is easy to setup and use, that’s why large number of people like it. But if you or your company is using ‘ All in One SEO Pack ’ Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6 . Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service. More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization. Acco
162,000 vulnerable WordPress websites abused to perform DDoS Attack

162,000 vulnerable WordPress websites abused to perform DDoS Attack

March 12, 2014Anonymous
DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability ( CVE-2013-0235 ) - “ Pingback Denial of Service possibility ”. According to security company Sucuri , in a recent amplification attack more than 162,000 legitimate Wordpress sites were abused to launch a large-scale distributed denial-of-service (DDoS) attack . The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress, use to provide services such as Pingbacks, trackbacks, which allows anyone to initiate a request from WordPress to an arbitrary site. The functionality should be used to generate cross references between blogs, but it can easily be used for a single machine to originate millions of requests from multiple locations. " Any
DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

December 04, 2013Mohit Kumar
In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities . After analyzing the Log file from the victim's server, we have noticed many Wordpress CMS based educational (.EDU) and Government (.GOV) websites from where the attack was originated. In the past we have reported about many such cyber attacks, where attackers hacked into the Wordpress blogs using password brute-force attack or they used the  PINGBACK  vulnerability in older versions of Wordpress without compromising the server. WordPress has a built in functionality called Pingback , which allows anyone to initiate a request from WordPress to an arbitrary site and it can be used for a single machine to originate millions of requests from multiple locations. We have seen more than 100,000 IP addresses involved in the recent DDOS attack and the victim's Forum website received more than 40,000 requests in 7 mi
Thousands of Wordpress blogs compromised to perform DDOS attack

Thousands of Wordpress blogs compromised to perform DDOS attack

September 25, 2013Mohit Kumar
There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet  of Wordpress hosts. According to the DDOS attack logs report  received from a ' The Hacker News ' reader ' Steven Veldkamp ', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites. Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts. After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second attacker was
New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

August 09, 2013Anonymous
Password theft has been a growing problem within the security community. Researchers at Arbor Networks have uncovered a botnet called Fort Disco that was used to compromise more than 6000 websites based on popular CMSs such as WordPress , Joomla and Datalife Engine. The Fort Disco botnet is currently made up of nearly 25,000 Windows machines and receives a list of sites to attack from a central command and control server. The bots receive also a list of common username-password combinations, typically composed of default combinations with password options including admin or 123456. Arbor Networks security researcher Matthew Bing said the attack has several advanced features that make it next to impossible to fully track and they obtained precious info on the botnet exploiting a misconfiguration on the attackers’ side that made possible the analysis of logs on several of the six command and control servers discovered. “ We stumbled upon these detailed logs the attacker left open o
Drupal resets 1 Million Passwords after Data Breach

Drupal resets 1 Million Passwords after Data Breach

May 31, 2013Anonymous
A Drupal data breach was announced by the official Drupal Association, that Passwords for almost one million accounts on the Drupal.org website are being reset after hackers gained unauthorized access to sensitive user data. The security of the open source content management system has been compromised via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. As countermeasure it is resetting the passwords for nearly one million accounts in the wake of a data breach . Information exposed includes usernames, email addresses, and country information, as well as hashed passwords . The Drupal.org hasn't revealed the name of the third-party application exploited during the attack. Evidence of the Drupal data breach was found during a routine security audit: “ Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security i
Millions of WordPress sites exploitable for DDoS Attacks using Pingback mechanism

Millions of WordPress sites exploitable for DDoS Attacks using Pingback mechanism

May 01, 2013Mohit Kumar
Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS attack against a large gaming website, in which they have discovered a DDoS attack using thousands of legitimate WordPress blogs without the need for them to be compromised. Incapsula released the list of approximately 2,500 WordPress sites from where the attack was originated, including some very large sites like Trendmicro.com, Gizmodo.it and Zendesk.com . In a recent report , we posted about another method for DDoS attacks using DNS amplification , where a DNS request is made to an open DNS resolver with the source IP address forged so that it is the IP address of the targeted site to which the response is thus sent, but this new method uses HTTP rather than DNS. The
Outdated version of WordPress leads to MasterCard Hack

Outdated version of WordPress leads to MasterCard Hack

January 09, 2013Mohit Kumar
On tip of a readers, yesterday we came across a new MasterCard hack, performed by  Syrian Electronic Army . Hackers was able to breach MasterCard Blog ( https://insights.mastercard.com ) and make a new blog post on the website with title " Hacked By Syrian Electronic Army " on January 5, 2013. For now MasterCard deleted that post, but readers can check Google cache . Today we tried to contact the hacker, but may be they are busy in Hacking Next Target , I started my investigation that how they can hack such a big economic website's blog. Starting from very first step, Information gathering about your target. Simple by reviewing the source code we found that MasterCard blog is using Wordpress. We all know, WordPress is particular a popular attack vector for cyber criminals. To know this, I just tried to access the readme.html file of CMS , that's it - MasterCard #fail ! They are using an old  Wordpress 3.3.2  version, instead of the current version 3.
WordPress plugin W3 Total Cache critical Vulnerability disclosed

WordPress plugin W3 Total Cache critical Vulnerability disclosed

December 26, 2012Wang Wei
One of the most popular Wordpress Plugin called " W3 Total Cache " which is used to Improve site performance and user experience via caching, having potential vulnerability. On Christmas day, someone disclose it on full-disclosure site that how a plugin misconfiguration leads to possible Wordpress cms hack. The loophole is actually activated on the fact that how W3TC stores the database cache. Jason disclosed that cache data is stored in public accessible directory, from where a malicious attack can can retrieve password hashes and other database information. Default location where this plugin stores data is " /wp-content/w3tc/dbcache/ " and if directory listing is enabled, attacker can browse and download it. He said," Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable. " Because the plugin is very famous ,so this makes quite
WordPress Pingback Vulnerability Serves DDoS attack feature

WordPress Pingback Vulnerability Serves DDoS attack feature

December 18, 2012Mohit Kumar
Accunetix a web application security company reported vulnerabilities found in the Wordpress Pingback feature. According to report, Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks. " WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. When WordPress is processing pingbacks, it's trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog. " Bogdan Calin explained . Pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Mo
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.