Are people mass-hacking WordPress sites? – Digitalmunition

Home Forums Are people mass-hacking WordPress sites?

This topic contains 1 reply, has 2 voices, and was last updated by  iCkerous 1 month, 1 week ago.

  • Author
  • #277445


    Someone I know got their computer hacked and their email address got used to send spam in reply to emails they received. I got two such emails. They said something among the lines of “Please review the attachment” and had a link to some obfuscated VBS.

    What got my attention was where the virus was hosted. Both of the links were to `wp-uploads` folders on seemingly legitimate business websites. One of the files was already deleted when I tried to access it.

    Is this something people are doing?

  • #277446


    CMS applications are likely the most attacked application out there. Vulnerabilities in WordPress (or WordPress plugins) are extremely common.

  • #277447


    Yes, for sure. There are botnets mass scanning for WP vulns all the time using scripts like WPScan.

    Malicious actors will pop a WordPress site and then resell access to it for other people that are hosting and spreading viruses or phishing links.

    The file may not have been deleted but rather setup to only trigger if the perfect set of conditions were met. Like a user on a mobile device running Android version x.x.

  • #277448


    This has been going on for at least 6 years. I once heard a statistic that 43% of compromised websites were WordPress.

  • #277449


    can someone ddos someone for me?

You must be logged in to reply to this topic.