IRONY: /ˈīrənē/ Noun. A state of affairs or an event that seems deliberately contrary to what one expects and is often amusing* as a result.
The European Union passed laws in 2017 and 2018 to help protect consumers’ personal data online. The EU General Data Protection Regulation (GDPR) is supposed to make companies gather consent to use people’s information and protect it from scammers and identity thieves.
WordPress offered a GDPR plugin to allow website owners to add a checkbox to their sites. This allowed users of the website to give permission to the website owners to use their data for a defined purpose. Website users were given the opportunity to request copies of the information that the website had gathered about them.
The GDPR plugin can be configured through the admin-ajax.php file, which is where the hackers found a chink in the armor, so to speak. Attackers can use the file to send malicious commands, which the plugin stores and executes, allowing them to use WordPress for their own ends.
According to Wordfence, the WordPress security firm, the attackers are using the plugin in two ways.
With regard to the second attack, Wordfence couldn’t find any signs of malicious code in connection to the hack, but warns that the hackers may be lying in wait for things to cool down before they make their next move. According to Wordfence’s warning: “It’s possible that these attackers are stockpiling infected hosts to be packaged and sold wholesale to another actor who has their own intentions. There’s also the chance that these attackers do have their own goals in mind, but haven’t launched that phase of the attack yet.”
The developers of the WP GDPR Compliance plugin have fixed the flaw and the plugin has been restored to the WordPress directory. Unfortunately, it wasn’t caught in time for a lot of website owners who are now cleaning up hacked sites and trying to rid their sites of the malicious code.
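For site owners reviewing logs after the admin-ajax.php abuse described above, one triage approach is sketched here as an added example (not code from Wordfence or the plugin's developers): count, per client IP, the POST requests to admin-ajax.php whose Referer is empty or points off-site. The combined log format, the host example.com and the sample lines are constructed assumptions; a hit is a lead to investigate, not proof of compromise.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format (assumed): ip - user [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Constructed sample lines (documentation IP ranges, hypothetical host example.com).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2019:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "https://example.com/contact/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2019:10:01:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [01/Jan/2019:10:01:06 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.44 - - [01/Jan/2019:10:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "http://other.invalid/" "-"',
    '198.51.100.7 - - [01/Jan/2019:10:02:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def suspicious_ajax_posts(lines, site_host):
    """Count, per client IP, POSTs to admin-ajax.php that did not originate
    from one of the site's own pages (empty or foreign Referer)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] != "POST" or path != AJAX_PATH:
            continue
        referer = m["referer"]
        host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if host != site_host:
            hits[m["ip"]] += 1
    return hits

if __name__ == "__main__":
    for ip, n in suspicious_ajax_posts(SAMPLE_LOG, "example.com").most_common():
        print(f"{ip}: {n} off-site or referer-less POSTs to {AJAX_PATH}")
```

The Referer header is supplied by the client, so an empty result does not clear a site; pair this with a check of user accounts and stored settings.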
If you suspect that your site has been hacked or corrupted by a hacker, contact the experts at WTI to help you get your site healthy and back online.
*No one involved with cleaning up the WP GDPR Compliance exploitation found this amusing.
If you’ve ever dealt with a website hack, you know what a hassle it can be. Whether your website goes down or displays incorrect or inappropriate content, every hack is a serious headache. In May of 2018, Sucuri, a leading source of website security information, released a study with data from 2017. See the highlights below and learn what you can do to prevent hacks.
In 2017, the three website CMS platforms most commonly infected by a hack were WordPress, Joomla!, and Magento. Despite WordPress being known as the most popular and one of the most secure CMS platforms, especially for SEO purposes, it is also the most hacked. It is important to note, however, that most of these hacks were not due to the CMS application itself. The hacks were more often the result of improper practices by webmasters, or weaknesses in extra components like plugins, extensions, and modules (Sucuri).
2017 also saw a decrease in outdated CMS platforms at the point of infection. Here is a breakdown of the number of infected sites Sucuri studied that were outdated as well as a comparison to outdated and infected sites in 2016 (Sucuri):
The key takeaway here is that even with a secure CMS, it is important to have a knowledgeable web team that can provide backup security measures.
When a prominent blacklist authority like Google flags a hacked website, it means that the site has been blacklisted. Blacklisting can affect search engine rankings as well as mediums for communication, such as email using the site domain.
In 2017, 17% of infected websites Sucuri observed were blacklisted. This is a 2% increase from Q3 of 2016. Norton and McAfee accounted for 45% of blacklisted sites, while Google Safe Browsing accounted for only 12.9% of blacklisted sites (Sucuri).
In their 2017 study, Sucuri also analyzed the different trends in Malware. See the most common malware families in 2017, along with descriptions of key families:
Some other interesting trends in 2017 were an increase in spam SEO, and an 82% increase in the number of files cleaned from the last report in Q3 of 2016. The rise in spam SEO shows that hackers are now finding it more worthwhile to use SEO spam than malware. The increase in files cleaned indicates a greater depth of files being affected in hacks, meaning that merely clearing one file of symptoms will likely not fix a hack entirely. The top three modified files in hacks studied were the index.php (28%), the .htaccess (10%), and the functions.php (9%) (Sucuri).
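Since cleaning a single file rarely removes a hack, comparing the whole site tree against a known-good baseline is more reliable. The following added example (not taken from Sucuri's report) hashes every file, diffs the result against a baseline snapshot, and lists the three most-modified file names from the figures above first; the directory layout and file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# File names the figures above report as most often modified.
PRIORITY_NAMES = {"index.php", ".htaccess", "functions.php"}

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline, current):
    """Return (modified, added, removed) path lists, priority names first."""
    def order(paths):
        return sorted(paths, key=lambda p: (Path(p).name not in PRIORITY_NAMES, p))
    modified = order(p for p in baseline if p in current and baseline[p] != current[p])
    added = order(p for p in current if p not in baseline)
    removed = order(p for p in baseline if p not in current)
    return modified, added, removed

def demo():
    """Constructed site tree: baseline, then three changed files and one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        theme = root / "wp-content/themes/sample"  # hypothetical theme directory
        theme.mkdir(parents=True)
        (root / "index.php").write_text("<?php // front controller\n")
        (root / ".htaccess").write_text("# rewrite rules\n")
        (theme / "functions.php").write_text("<?php // theme setup\n")
        (theme / "footer.php").write_text("<?php // footer\n")
        baseline = snapshot(root)
        # Simulated changes (constructed, harmless marker text only).
        (root / "index.php").write_text("<?php // front controller\n// changed\n")
        (root / ".htaccess").write_text("# rewrite rules\n# changed\n")
        (theme / "footer.php").write_text("<?php // footer\n// changed\n")
        (root / "wp-content/uploads").mkdir()
        (root / "wp-content/uploads/cache.php").write_text("<?php // new file\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for label, paths in zip(("modified", "added", "removed"), demo()):
        print(label, paths)
```

Store the baseline off the web server, because a snapshot kept on the compromised host can be altered along with the files it describes.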
The bottom line here is that hackers are smart and getting smarter every day. It’s more important now than ever to make sure your website is protected.
Making smart choices to ensure your website is secure is the best way to combat the rise in hacking. Get an SSL certificate, choose a CMS that is secure, keep your CMS updated, look into website backup systems, and purchase a security package to protect your site as well as information belonging to you and your customers.