Brute Force Amplification Attacks Against WordPress XMLRPC


Brute force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most likely being hit right now. It could be via protocols like SSH or FTP, and, if it’s a web server, via web-based brute force attempts against whatever CMS you are using.

Imagine a world where an attacker could amplify their brute force attacks in such a way that traditional mitigation strategies fall short. Instead of 500 different login attempts, the attackers could reduce their requests to, say, 20 or 50 and still try 500 or even thousands of passwords in each request. As you might imagine, this makes your mitigation strategy a bit harder to employ.

One of the hidden features of XML-RPC is that you can use the system.multicall method to execute multiple methods inside a single request. That’s very useful, as it allows an application to pass multiple commands within one HTTP request.

XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC. Read original article here….
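A server-side check for the amplification described above, written as an added example for this digest (not code from Sucuri or WordPress). It parses an XML-RPC request body with Python's standard xmlrpc.client, counts the calls bundled inside a system.multicall and how many of them are credential-bearing WordPress methods, and returns a verdict so the request can be logged or rejected before it reaches the login code. The method list, the thresholds and the sample request bodies are constructed assumptions for the demonstration.

```python
"""Inspect an XML-RPC request body for system.multicall abuse.

Added example: the method list, thresholds and sample bodies below are
assumptions built for the demo, not part of the original article.
"""
import xmlrpc.client
from dataclasses import dataclass

# WordPress XML-RPC methods that take a username/password pair (illustrative
# subset, assumption). Every one of these is a password check in disguise.
AUTHENTICATING_METHODS = {
    "wp.getUsersBlogs",
    "wp.getUsers",
    "wp.getProfile",
    "wp.getPosts",
    "metaWeblog.getUsersBlogs",
}

# Policy (assumed values): a legitimate client rarely needs more than one
# authenticated call per request, and multicalls should stay small.
MAX_AUTH_CALLS_PER_REQUEST = 1
MAX_CALLS_PER_MULTICALL = 10


@dataclass
class Verdict:
    method: str        # top-level methodName, or "<unparseable>"
    total_calls: int   # calls inside the multicall (1 for a plain call)
    auth_calls: int    # how many of them carry credentials
    allowed: bool
    reason: str


def inspect_request(body):
    """Return a Verdict for one XML-RPC request body (str or bytes)."""
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception as exc:  # ExpatError, ValueError, TypeError ...
        return Verdict("<unparseable>", 0, 0, False, "malformed XML-RPC: %s" % exc)

    if method != "system.multicall":
        auth = 1 if method in AUTHENTICATING_METHODS else 0
        return Verdict(method, 1, auth, True, "single call")

    # system.multicall takes one parameter: an array of {methodName, params}
    # structs, which xmlrpc.client decodes into a list of dicts.
    calls = params[0] if params and isinstance(params[0], list) else []
    auth_calls = 0
    for call in calls:
        name = call.get("methodName", "") if isinstance(call, dict) else ""
        if name == "system.multicall":
            # Nesting would let one request carry a multicall of multicalls.
            return Verdict(method, len(calls), auth_calls, False,
                           "nested system.multicall")
        if name in AUTHENTICATING_METHODS:
            auth_calls += 1

    if auth_calls > MAX_AUTH_CALLS_PER_REQUEST:
        return Verdict(method, len(calls), auth_calls, False,
                       "%d credential-bearing calls in one request" % auth_calls)
    if len(calls) > MAX_CALLS_PER_MULTICALL:
        return Verdict(method, len(calls), auth_calls, False,
                       "multicall exceeds %d calls" % MAX_CALLS_PER_MULTICALL)
    return Verdict(method, len(calls), auth_calls, True, "within limits")


def build_multicall(calls):
    """Build a system.multicall body from (methodName, params) pairs.

    Constructed helper so the check can be exercised offline.
    """
    structs = [{"methodName": m, "params": list(p)} for m, p in calls]
    return xmlrpc.client.dumps((structs,), methodname="system.multicall")


# Constructed sample bodies (placeholder credentials, not real data).
SAMPLE_BUNDLED = build_multicall(
    [("wp.getUsersBlogs", ("admin", "placeholder-%02d" % i)) for i in range(20)]
)
SAMPLE_LEGIT = build_multicall(
    [("wp.getUsersBlogs", ("author", "placeholder-pw")), ("system.listMethods", ())]
)
SAMPLE_SINGLE = xmlrpc.client.dumps(("author", "placeholder-pw"),
                                    methodname="wp.getUsersBlogs")

if __name__ == "__main__":
    for label, body in [("bundled", SAMPLE_BUNDLED), ("legit", SAMPLE_LEGIT),
                        ("single", SAMPLE_SINGLE), ("garbage", "not xml")]:
        print(label, inspect_request(body))
```

Rejecting on credential-bearing call count rather than on request count is what closes the gap the article points at: per-IP or per-request rate limits never see the twenty passwords hidden in one POST, but a check that runs on the parsed body does. Sites that do not need system.multicall at all can simply deny that method outright, which is the simpler policy.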

Unmasking Free Premium WordPress Plugins


WordPress.org has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for premium plugins. Premium plugins are especially popular when they help blogs make money: eCommerce, SEO, affiliate and customer management, and so on.

Such plugins may be really great and well worth their price, but not many webmasters are ready to pay for plugins, especially when they can find “free” or “nulled” versions of the same plugins on the Internet. All they need to do is search Google for [<plugin-name> free download].

Getting something valuable for free may sound great, however, in most cases, you won’t get what you expect. After all, you should ask yourself the question, why would someone spend their time to steal software, and then post it to various sites and forums where they can’t even count on any advertising revenue? Usually, the answer is that they expect to take advantage of the sites that install the software they post. How? By adding some undisclosed functionality to the stolen plugins like backdoors, ads, hidden links, and SPAM.

In this post, we’ll talk about “patched” malicious premium plugins. We’ll talk about what they do, how they work, and about websites that build their businesses around stolen WordPress themes and plugins. Read original article here…

Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor


Search engine optimization (SEO) is the goal of attackers who are freely distributing pirated Joomla, WordPress and Drupal themes and plugins that are packaged with a backdoor being referred to as CryptoPHP.

Last week Fox-IT released a whitepaper on CryptoPHP, and in a Wednesday post the security company revealed that most of the command-and-control domains had been sinkholed or taken down.

Researchers observed 23,693 unique IP addresses connecting to the sinkholes, but by Monday that number had dipped to 16,786, according to the post.

WordPress Security Plugin Vulnerabilities for Oct 30th


This is a WordPress security report for Oct 30th 2014. We are publishing a list of current critical vulnerabilities that we want to draw your attention to. Please scan the list below and, if you are using any of the products listed, or if you are aware of anyone using the products listed, please take the appropriate action, which we include in each bullet point below.

If you are using any of these plugins, please take the action suggested in the bullet point above. Help spread the word to improve WordPress security for the WordPress community.

Keep Track of all WordPress Content Changes

When administering a busy multi-user WordPress or WordPress multisite blog or website, it is vital to monitor content changes to ensure the integrity of the content and the website’s reputation, and to ensure that no malicious hacker is tampering with the content by injecting malicious code and malware.

When the content of a draft or published WordPress blog post, page or custom post type is changed, the plugin will log such activity and alert you of the content change with one of the WordPress security alerts mentioned below:

CMS plugins are leaving the security door wide open

White hat hacker warns CMS plugins are leaving the security door wide open


Reading between the lines, the truth of the matter is that the vast majority of holes in the CMS code base, whichever platform you look at, have been found and fixed over the years. Kolochenko actually reckons that 99% of exploitable vulnerabilities in core CMS code fall into this category. So, CMS usage is pretty safe now, then? Well, yes, but not 100% so, and admins are partly to blame here. Weak passwords and password reuse are right up there at the top of the insecurity tree, along with social engineering attacks against CMS administrators. The compromise crown has to be placed upon the head of XSS vulnerabilities in plugins, made effective by both of the previous weaknesses.

Majik 8 Ball --- How is my site security?

You Have a Great WordPress Website, So Why Isn’t It Up to Date?

Guard your site now! It is very important that you keep your WordPress website up to date, as recent events have shown again. See these articles:

Major security vulnerability discovered in popular WordPress plugin
30,000 WordPress Blogs Infected to Distribute Rogue Antivirus Software
WARNING: 200,000 US-based WordPress web pages compromised by hijack injection attack

An argument I have had with many people over the years I have been involved in the computer industry has revolved around security. It usually goes like this:

  • Friend: You should get a Mac, they are so much more secure from viruses than a PC.
  • Me: And why is that? Is their code better?
  • Friend: Well, I am not sure, but they are not attacked.
  • Me: Yup, you’re correct there, but have you ever wondered about that? Think for a moment how much smaller the market is for Macs vs. PCs.
  • Friend: That does not make much difference.
  • Me: Really?

And I am sure you can guess the rest. In a nutshell it is simple: if you are a large enough target you will be attacked, it does not matter what really. This has become so true of WordPress, the largest CMS platform for building a website on the internet. It has become so large that it is estimated that 25% of the web now runs on WordPress. That is a lot of web sites.

So of course the hackers, spammers and scammers have targeted this very large area. In particular it is much like Windows, with multiple versions, many of them insecure; this makes for very easy targets, and let’s face it, the hackers are simply a lazy bunch.

But you do not need to become a statistic and fall prey to the hackers and scammers; all you really need to do is keep your WordPress website up to date. It is a pretty painless process you can do yourself, or you can hire someone like me to handle it for you.

To complete the update, simply log into your WordPress admin area, click the yellow bar telling you that you need to do updates and let it walk you through the process; 98% of the time it will be very smooth and have no issues. If you do have any issues, please feel free to contact me at 250-885-2888 or via my contact page to get some help putting you back online.

You can also go to my WordPress Emergency Support Page for an ever growing list of tips that may help out.

John Overall

WordPress Specialist