
Large scale attack campaign targets WordPress sites’ database credentials


Attackers have reportedly tried to download configuration files from WordPress sites in order to steal their database credentials.

Wordfence, a provider of web application firewall (WAF) services, reported that Wordfence Firewall blocked about 130 million attacks aimed at harvesting database credentials from 1.3 million sites by downloading their configuration files.

“The attack was started by hackers since 30th of May 2020 becoming the peak of the attack campaign having recorded about 75% of the total attempts at exploiting the theme and plugin vulnerabilities all through the WordPress environment,” said Ram Gall, Wordfence QA engineer.

He emphasized that the attacks came from a network of 20,000 different IP addresses, most of which had previously been used in an earlier large-scale campaign that also targeted WordPress sites early last month.

In that earlier campaign, which was similar in size, the hackers used a batch of XSS (cross-site scripting) vulnerabilities and tried to add malicious administrative users and backdoors to the targeted sites.

A Wordfence report published as part of a threat alert revealed that the config-jacking attacks are three times bigger than any other form of attack recorded against WordPress sites. Both large-scale campaigns, which are “considered” to be bigger than all other groups’ attacks put together, are suspected to have been carried out by the same hacker.

Gall said, “the attack campaign aimed to use old exploits to export wp-config.php files from unpatched WordPress websites, extract database credentials from them, before using the usernames and passwords to hijack the databases.”


The web application firewall provider says: “Peradventure your server is configured to grant remote database access, a hacker with access to your database credentials can effortlessly add an administrative user to either siphon or delete vital data from your site.”

SecureBlitz advises that you change your database password by contacting your hosting company, even if your site does not grant remote database access, so that an attacker who has obtained your database credentials cannot tamper with your sensitive data.
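To decide whether that password change is urgent, a site owner can check the web server access log for requests that tried to fetch wp-config.php. The script below is an added example, not code from Wordfence or from this article; it assumes Apache/nginx combined log format, treats a 200 response with a non-empty body as likely disclosure (a heuristic), and its sample lines, IP addresses and plugin path are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def decode(target, rounds=3):
    """Percent-decode repeatedly so encoded or double-encoded file names still match."""
    for _ in range(rounds):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target.lower()

def find_config_requests(lines):
    """Return {ip: [(status, size, target), ...]} for requests that reference wp-config.php."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, status, size = m.groups()
        if "wp-config.php" in decode(target):
            hits[ip].append((int(status), 0 if size == "-" else int(size), target))
    return dict(hits)

def likely_exposed(hits):
    """IPs that got a 200 with a body (heuristic: treat the credentials as disclosed)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(status == 200 and size > 0 for status, size, _ in reqs))

# Constructed sample log lines (documentation IP ranges, hypothetical plugin path).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/May/2020:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=../../../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.23 - - [30/May/2020:10:01:05 +0000] "GET /?path=..%2f..%2fwp%2dconfig%2ephp HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [30/May/2020:10:02:11 +0000] "GET /wp-login.php HTTP/1.1" 200 5123 "-" "-"',
    '203.0.113.7 - - [30/May/2020:10:03:40 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    hits = find_config_requests(SAMPLE_LOG)
    for ip, reqs in hits.items():
        print(ip, reqs)
    print("change the database password; likely disclosed to:", likely_exposed(hits))
```

A direct request for /wp-config.php normally returns an empty body because the server executes the PHP file, which is why the size check separates it from a download through a vulnerable theme or plugin.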


Amaya Paucek
