There have been reports that hackers tried to download configuration files from sites using WordPress to steal their database credentials.
Wordfence, a provider of web application firewall services (WAF) reported that about 130 million attacks directed at harvesting database credentials from 1.3 million sites by downloading their configuration files were blocked by Wordfence Firewall.
“The attack was started by hackers since 30th of May 2020 becoming the peak of the attack campaign having recorded about 75% of the total attempt at exploiting the theme and plugin vulnerabilities all through the WordPress environment.” This was stated by Ram Gall, Wordfence QA engineer.
He emphasized the fact that the attacks were executed from a network of 20,000 different IP addresses with most having been previously deployed in an earlier large-scale campaign that also targeted WordPress sites early last month.
The earlier campaign similar in size saw the hackers deployed a batch of XSS (cross-site scripting) vulnerabilities and tried to attach malicious administrative users and backdoor on the targeted sites.
In a Wordfence-published report detailing part of a threat alert, it revealed that the config-jacking attacks are three times bigger than any other form of the attack recorded against WordPress sites. Both large-scale campaigns which are “considered” to be bigger than all other groups’ attacks put together are suspected to have been carried out by the same hacker.
Gall said, “the attack campaign aimed to use old exploits to export wp-config.php files from unpatched WordPress websites, extract database credentials from them, before using the usernames and passwords to hijack the databases.”
READ ALSO: WordPress malware pinpoints WooCommerce sites for Magecart attacks
The web application firewall services providers say that “Peradventure your server is configured to grant remote database access, a hacker with access to your database credentials can effortlessly add an administrative user to either siphon or delete vital data from your site”.
SecureBlitz advises that you get to change your database password by contacting your host company even if your site does not grant remote database access to avoid getting your sensitive data tampered with by an attacker that has gained access to your database credentials.
RELATED POSTS
WordPress Hardening: 7 Ways to Harden your Website Security
Most Dangerous Websites You Should Avoid in 2020
Hacker leaks over 23 million user data on Webkinz World