15 January, 2022

Aegis Defender Pro Customers Escape Massive WordPress Attack

1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

Jan 15th, 2022 - About 6 weeks ago, a massive uptick was reported in attacks targeting vulnerabilities that allow attackers to update arbitrary options on vulnerable sites.

These attacks came from a distributed network of compromised servers and websites worldwide, from about 16,000 separate IP addresses. Luckily, Aegis Defender Pro was created for exactly this kind of attack, and our customers escaped 98% of the attacks. The other 2% that filtered through were quickly added to our Block List and all customers were instantly protected from this malicious attack.

A Closer Look at the Attack Data

Attackers are targeting 4 individual plugins with Unauthenticated Arbitrary Options Update Vulnerabilities. The four plugins are Kiwi Social Share, which has been patched since November 12, 2018; WordPress Automatic and Pinterest Automatic, which have been patched since August 23, 2021; and PublishPress Capabilities, which was recently patched on December 6, 2021. In addition, they are targeting a Function Injection vulnerability in various Epsilon Framework themes in an attempt to update arbitrary options.

In most cases, the attackers are updating the `users_can_register` option to enabled and setting the `default_role` option to `administrator`. This makes it possible for attackers to register on any site as an administrator, effectively taking over the site.
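To check a site for the option changes described above, the following added example (not code from the original article or from Aegis Defender Pro) audits an export of the options table and lists administrator accounts created since a chosen date. The sample rows are constructed, and the input shapes, function names and review date are assumptions.

```python
import json
from datetime import datetime

# Constructed sample data (not from the page). The shapes are assumed to match
# JSON exports of the wp_options rows and of the site's administrator accounts.
SAMPLE_OPTIONS = json.loads("""[
  {"option_name": "users_can_register", "option_value": "1"},
  {"option_name": "default_role", "option_value": "administrator"},
  {"option_name": "blogname", "option_value": "Example Site"}
]""")
SAMPLE_ADMINS = json.loads("""[
  {"user_login": "siteowner", "user_registered": "2019-03-02 10:15:00"},
  {"user_login": "qx81lk", "user_registered": "2021-12-10 04:41:27"}
]""")

SAFE_DEFAULT_ROLE = "subscriber"  # WordPress's stock default_role value


def audit_options(rows):
    """Return findings for the two options the article says attackers change."""
    opts = {r["option_name"]: str(r["option_value"]).strip() for r in rows}
    findings = []
    role = opts.get("default_role", SAFE_DEFAULT_ROLE).lower()
    open_reg = opts.get("users_can_register", "0") == "1"
    if role == "administrator":
        # Worst case: anyone can self-register and is made an administrator.
        level = "CRITICAL" if open_reg else "HIGH"
        findings.append((level, "default_role is administrator"))
    elif role != SAFE_DEFAULT_ROLE:
        findings.append(("MEDIUM", f"default_role is {role}, not {SAFE_DEFAULT_ROLE}"))
    if open_reg:
        # Open registration alone can be intentional, so it is only informational.
        findings.append(("INFO" if role == SAFE_DEFAULT_ROLE else "HIGH",
                         "users_can_register is enabled"))
    return findings


def admins_since(users, since):
    """List administrator logins created on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    fmt = "%Y-%m-%d %H:%M:%S"
    return [u["user_login"] for u in users
            if datetime.strptime(u["user_registered"], fmt) >= cutoff]


if __name__ == "__main__":
    for level, msg in audit_options(SAMPLE_OPTIONS):
        print(f"[{level}] {msg}")
    # Assumed review window start; pick the date you last trusted the site.
    print("admins to review:", admins_since(SAMPLE_ADMINS, "2021-12-01"))
```

Resetting the two options does not remove administrator accounts that were already registered, so any account the second function returns still needs manual review.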

Attack Origins, Last 7 Days

Most attacks on websites are through some sort of distributed network of compromised computers worldwide. As more websites are compromised, their networks become larger, making it harder to stop them. Protecting your website is the only way to avoid becoming a statistic.

Aegis Defender Pro customers using WordPress all have detection and reporting plugins to alert cyber-security specialists at Aegis Defender Pro of any type of web attack. Only a few websites with normally heavy traffic have recently seen activity from this attack, and each reported attacker was researched and added to every customer's firewall within minutes.

How Can I Protect My Website from These Attacks?

This attack is one of many millions of attacks that happen every year on websites. From simple admin login attempts to SQL injections, Denial-of-Service Attacks to File Uploads, your website is under attack, right now. There are a few ways to tell if you are under attack:

  1. Website is unusually slow
  2. WordPress post comments are filled with spam
  3. Install Admin Tools and set your email address for reporting

If you're under attack, your email will fill up with attack reports from Admin Tools within a few minutes. Luckily, Admin Tools will block each attacker after 3 attempts, but this can go on for weeks or months until all attackers are blocked. In many cases, it never stops; it just slows down. Meanwhile, your website's performance drops due to the thousands of blocks in your mini-firewall.

The Solution

Aegis Defender Pro has been collecting attack information for over 6 years, and joined forces with other reporting agencies to create the most comprehensive Block List in the world. Combining many of these IPs into CIDRs has reduced millions of IPs to fewer than 50,000 CIDRs. When Hacker Blocker is installed, websites see an instant drop in attacks, with significant increases in site performance.

Visit www.hackerblocker.us for more information.