WordPress websites scattered across the Internet have a massive marketplace of CMS products. These websites, which are usually poorly-protected, easily enable cyber-criminals to hack into them with the aid of obsolete plug-ins, easy-to-crack admin passwords or 3rd-party themes.

Hoping that victimized users would open files such as footer.php and header.php (theme files), along with the files inside WordPress installs’ core component -files such as wp-load.php and index.php, the attackers decided towards reconstructing the particular file, according to Luke Leal of Sucuri.

Sucuri, a security firm showed one fresh technique of injecting SEO (search engine optimization) spam into compromised WordPress sites that are utilized for basically attacking the targets. The said sites are primarily compromised through uploading of core WordPress file such as /wp-includes/load.php to the website. Following that, the sites are utilized as bots within distributed denial-of-service (DDoS) assaults, or as C&C servers to carry out offensive activities, or as websites that download malware, all for hosting malvertising as well as compromising SEO results.

The last one occurs via compelling hacked sites towards uploading content which’s in normal cases automatically concealed. Within one such instance, according to Sucuri, one business portal displayed porn within its results returned from Google search. Deccanchronicle.com posted this, August 15, 2016.

The cyber-attackers made changes to /wp-includes/load.php so they could install one other file namely /wp-admin/includes/class-wp-text.php that’s not suppose to be there within usual WordPress installations, however, that hackers concealed amidst other root files of WordPress. Consequently, that other file installed each-and-every SEO spam; however just for the Internet giant Google’s SE (search engine), keeping the website undisturbed so that regular visitors would find the original.

Central to the infection, the hackers didn’t stop at merely installing one plain PHP/JavaScript file inside the footer/header of the site; however, did so much to alter the content of the WordPress root files.

For search-bots, the hacked websites provide some other text, with wholly different web links, descriptions and topics for websites that the attackers wish having higher rankings on search engines even at the cost of the compromised site that consequently loses traffic while shows a modified public description on Bing, Google etc.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × 3 =