WP Provider
WP Provider
134 Google recensies
Ferdi Verlaan
24/03/2023
Goede partner, supersnelle response. Blij met ze ;-)
Bert Steinebach
16/03/2023
Dit bedrijf reageert snel en deskundig. Dat geeft een vertrouwd gevoel.
Patrick Diepgrond
06/03/2023
Always the best service. You have a question, ask them and the respond right away. Those are the guys that will take care of you. For many time they help me out and always Super quick and Super good. Thanks guys. Go on like that. Patrick Diepgrond
Jeroen Heerschop
06/03/2023
We are a customer of WPProvider for years now. We are also hosting our key customers with them. With other hosts we always encountered issues. But never with WPProvider. Priccing and responsiveness are really worth 5 stars.
Rita Kemink
20/01/2023
Onze vereniging is sinds kort overgestapt naar WPProvider, zij hebben deze overstap keurig geregeld. Reageren snel bij vragen en de hulp is fantastisch.
Perfectpro Algemeen
18/01/2023
Betrouwbaar, adequaat en behulpzaam
BS TOYS
12/01/2023
Zojuist voor het eerst kennisgemaakt met WP Provider. Supersnel geholpen, blij mee!
Virgil Bloemhard
30/12/2022
Snelle support. Een DNS aanpassing aangevraagd via de mail en binnen een paar minuten al doorgevoerd!
byAr Bicycle
04/12/2022
Harde werkers, top service, staan altijd voor je klaar! Wat kan je nog meer wensen?!

WordPress websites vulnerable due to new Linux backdoor malware

Antivirus vendor Dr. Web has discovered malware that targets WordPress sites running on Linux. The malware consists of two variants and can carry out attacks using outdated plugins. The first variant, Linux.BackDoor.WordPressExploit.1, targets both 32-bit and 64-bit versions of the open-source operating system.

Linux.BackDoor.WordPressExploit.1 is a backdoor controlled remotely by malicious actors. At their command, it can perform the following actions:

  • Attacking a particular web page (website);
  • Switch to standby mode;
  • Closes itself;
  • Interrupting the logging of his actions.

 

“If sites use outdated versions of such plugins that lack crucial fixes, the targeted Web pages are injected with malicious JavaScripts,” Russian security vendor Doctor Web said in a report published last week. “As a result, when users click on any part of an attacked page, they are redirected to other sites.”

The attacks involve a list of known security vulnerabilities in 19 different plugins and themes installed on a WordPress site.

It is also capable of injecting JavaScript code retrieved from a remote server to redirect site visitors to an attacker’s arbitrary website.

Doctor Web says it has discovered a second version of the backdoor, which uses a new command-and-control (C2) domain, as well as an updated list of flaws that includes 11 additional plugins, bringing the total to 30.

The new list of plugins and themes are below –
Note: no versions are listed. So always make sure you use the latest version of plugins and themes.

  • WP Live Chat Support
  • Yuzo Related Posts
  • Yellow Pencil Visual CSS Style Editor
  • Easy WP SMTP
  • WP GDPR Compliance
  • Newspaper(CVE-2016-10972)
  • Thim Core
  • Smart Google Code Inserter(discontinued as of January 28, 2022)
  • Total Donations
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Live Chat with Messenger Customer Chat by Zotabox
  • Blog Designer
  • WordPress Ultimate FAQ(CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • ND Shortcodes
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrid
  • Brizy
  • FV Flowplayer Video Player
  • WooCommerce
  • Coming Soon Page & Maintenance Mode
  • Onetone
  • Simple Fields
  • Delucks SEO
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher, and
  • Rich Reviews

 

Both variants reportedly include a yet-to-be-implemented method of brute-forcing WordPress administrator accounts, although it is not clear whether this is a holdover from an earlier version or a feature that has yet to see the light of day.

“If such an option is implemented in newer versions of the backdoor, cybercriminals will even be able to successfully attack some of those websites using current plugin versions with patched vulnerabilities,” the company said.

Users of WordPress are advised to continue proper maintenance, core updates including third-party plugins and, of course, themes. It is also advised to use strong and unique logins and passwords to secure accounts.

The revelation comes several weeks after Fortinet FortiGuard Labs disclosed another botnet called GoTrim, which is designed to brute-forced self-hosted websites running the WordPress content management system (CMS) to take control of the targeted systems.

Two months ago, Sucuri found that more than 15,000 WordPress sites had been affected as part of a malicious campaign to redirect visitors to fake Q&A portals. The number of active infections currently stands at 9,314.

Sources:
Read Doctor Web’s English article here
Read more about Linux.BackDoor.WordPressExploit.1 here
Read more about Linux.BackDoor.WordPressExploit.2 here

Delen:

admin

admin

Laatste berichten

Follow us