This topic contains 1 reply, has 2 voices, and was last updated by iCkerous 1 month, 1 week ago.
- July 2, 2020 at 4:28 am #277445
Someone I know got their computer hacked and their email address got used to send spam in reply to emails they received. I got two such emails. They said something among the lines of “Please review the attachment” and had a link to some obfuscated VBS.
What got my attention was where the virus was hosted. Both of the links were to `wp-uploads` folders on seemingly legitimate business websites. One of the files was already deleted when I tried to access it.
Is this something people are doing?
- July 2, 2020 at 4:28 am #277446
CMS applications are likely the most attacked application out there. Vulnerabilities in WordPress (or WordPress plugins) are extremely common.
- July 2, 2020 at 4:28 am #277447
Yes, for sure. There are botnets mass scanning for WP vulns all the time using scripts like WPScan.
Malicious actors will pop a WordPress site and then resell access to it for other people that are hosting and spreading viruses or phishing links.
The file may not have been deleted but rather setup to only trigger if the perfect set of conditions were met. Like a user on a mobile device running Android version x.x.
- July 2, 2020 at 4:28 am #277448
This has been going on for at least 6 years. I once heard a statistic that 43% of compromised websites were WordPress.
- July 2, 2020 at 4:28 am #277449
can someone ddos someone for me?
You must be logged in to reply to this topic.