Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
nerdculture.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
Be excellent to each other, live humanism, no nazis, no hate speech. Not only for nerds, but the domain is somewhat cool. ;) No bots in general. Languages: DE, EN, FR, NL, ES, IT

Administered by:

Server stats:

1.2K
active users

nerdculture.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Olly 👾

WP3.XYZ Malware attacks Add Rogue Admins to 5,000+ WordPress Sites.

Webscript security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data but have yet to determine the initial infection vector.

cside.dev/blog/over-5k-wordpre

GIF
[ImageSource: c/side] After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code. The script then proceeds to install a malicious plugin (plugin.php) downloaded from the same domain, and activates it on the compromised website. [⚠️Blocking the Attacks⚠️] c/side recommends that website owners block the ‘wp3[.]xyz’ domain using firewalls and security tools. Moreover, admins should review other privileged accounts and the list of installed plugins, to identify unauthorized activity and remove them as soon as possible. Finally, it is recommended that CSRF protections on WordPress sites be strengthened via unique token generation, server-side validation and periodic regeneration. Tokens should have a short expiration time to limit their validity period. Implementing multi-factor authentication also adds protection to accounts with credentials that have already been compromised.
#wordpress#malicious#plugin
Jan 24, 2025, 12:26 PM·Public·Metatext
2boosts·1favorite
ExploreLive feeds
About