uk666

WordPress hacking spree sees 1.5 million web pages defaced

A security flaw in the WordPress blogging software has let hackers attack and deface tens of thousands of sites.
 
One estimate suggests more than 1.5 million pages on blogs have been defaced.
 
The security firm that found the vulnerability said some hackers were now trying to use it to take over sites rather than just spoil pages.
 
Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.
 
Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four groups of attackers defaced over 67,000 pages.
 
The number grew to over 100,000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war.
 
Security firm WordFence said it had seen evidence that 20 hacker groups were trying to meddle with vulnerable sites.
 
Patches Are Not Being Applied
 
WordPress has an auto-update feature enabled by default, along with an easy 1-click manual update process. Despite this, not everyone is aware of this issue or able to update their site. This is leading to a large number of sites being compromised and defaced.
 
Over the weekend, Google also warned WordPress website owners registered in the Google Search Console. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners, but some emails reached WordPress 4.7.2 owners, some of whom misinterpreted the email and panicked, fearing their site might lose search engine ranking.
 
Webmasters who received Google Search Console alerts that their WordPress website needs to be updated to version 4.7.2 can ignore them if they are already running the latest version.
 
Webmasters who have not need to do so as soon as possible, as WordPress 4.7.2 fixed a serious vulnerability in the WordPress REST API, which affects versions 4.7.0 and 4.7.1 and allows attackers to edit any page's title and content. (Source: bleepingcomputer)
 

 

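For anyone hosting more than one WordPress install, here is an added example (not part of the quoted article) that walks a directory tree and flags installs still on the affected 4.7.0 and 4.7.1 releases. It assumes the standard WordPress layout, where `wp-includes/version.php` defines `$wp_version`; the function names and the default scan root are hypothetical.

```python
import re
import sys
from pathlib import Path

# Releases the article names as affected; 4.7.2 carries the fix.
AFFECTED = {(4, 7, 0), (4, 7, 1)}
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def read_wp_version(version_php):
    """Return the $wp_version string from a version.php file, or None."""
    try:
        text = Path(version_php).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    match = VERSION_RE.search(text)
    return match.group(1) if match else None

def normalise(version):
    """'4.7' -> (4, 7, 0). WordPress writes x.y.0 releases as 'x.y'.
    Pre-release suffixes such as '-RC1' are dropped, so they are
    treated like the release they precede (a conservative choice)."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    return normalise(version) in AFFECTED

def audit(root):
    """Return (site_dir, version, status) for every install under root."""
    findings = []
    for vp in sorted(Path(root).rglob("version.php")):
        if vp.parent.name != "wp-includes":
            continue  # some other version.php (plugin, theme, etc.)
        version = read_wp_version(vp)
        if version is None:
            status = "unknown"
        elif is_affected(version):
            status = "update to 4.7.2"
        else:
            status = "not in affected range"
        findings.append((str(vp.parent.parent), version, status))
    return findings

if __name__ == "__main__":
    # Scan root is an assumption; pass your own web root as the argument.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "/var/www"
    for site, version, status in audit(scan_root):
        print(f"{site}\t{version}\t{status}")
```

A status of "not in affected range" only means the install is outside the two releases named above; it says nothing about other issues in older versions.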