  1. #1
    -Shay- (Public Member, joined November 2012)

    Wordpress making it "easy" for hackers

    Starting with WordPress 4.4, if I am understanding things correctly, a content scraper's job has been made a whole hell of a lot easier. There is a bit of code (again, if I understand things correctly) that gives oEmbed customers the ability (and permission) to embed content via an iframe on their site - thus benefiting from YOUR content or images, if I understand this correctly.

    If this is the case, this could well be why I see tons of phantom server hits (from Amazon, Google Cloud, Drake Holdings, and other server farms).

    I'm maintaining throughout this post that it is "if I am understanding things correctly". I'm not sure if I am misreading this or not. I do know that as of right around WordPress 4.4, there were a few additional lines of code introduced, one of which exposes the "true author name". On my sites (as a security feature), I utilize a nickname that is different from my WordPress user name. I also take measures to hide the "author" links. The way I understand things, the "nickname" cannot be used to log into WordPress, so this serves as an added layer of protection (considering no one will be able, in theory, to guess my chosen user names). However, in exploring this code, I find my nickname and my user name - much to my surprise. It was at this point that I found that oEmbed bit of code.

    If I am not understanding the code and the embed features correctly, someone please chime in.

  2. #2
    DaftDog (Private Member, joined October 2008)

    This username issue is something that has been a problem for many people using WordPress for a while now, judging by the WP forums. This plugin, Edit Author Slug, will solve this issue and was first created two years ago so I don't think the problem is new.

  3. The Following User Says Thank You to DaftDog For This Useful Post:

    -Shay- (12 May 2016)

  4. #3
    universal4 (Forum Administrator, joined July 2003)

    That could be a portion of the phantom hits, Shay, but before making a final decision that that is what they all are, try checking logs to see if they are also trying either (a) wp-admin/wp-login or (b) authenticating on email using random usernames.

    Another attack vector that is often overlooked is the xml-rpc based attacks.

    Even if you move the admin and (I think, but haven't verified) have taken "some" steps to hide the authors, the attackers will still hit the site looking for admin logins and try to extract authors.

    I have studied many security plugins and am thinking of switching over to one I discovered recently.

    I had the same thing going on on two different stock installs of WordPress, one on a domain and one on an IP, two different servers and IP addresses, and no matter what I tried this was going on, but it stopped almost immediately when I loaded up the WP Cerber security plugin.

    I had to disable other security plugins first. I moved the admin login, I turned off xml-rpc, and also set it to automatically block any attempts at wp-login, and out of both sites only one has been hit over quite a few weeks, when previously I could never go more than a few days without one of the two getting hit hard.

    The plugin has a spot where you can block access to ?author=n

    You can also manipulate thresholds on lockout thresholds and more.

    The plugin will also email you any time an IP or subnet is locked out. What I normally do is add the subnet to the server firewall and allow it to expire in the plugin; then the bad actors are blocked server-wide and not site-wide.

    As for this new piece of code making it easy to frame your pages, I think the best way to combat that would be adding a rule in htaccess that disallows pages to be framed. I will see if I can find that; I do recall us discussing that here in the last year or so.

    By the way, anyone interested in trying WP Cerber out who has questions, let me know, or we can start another thread to discuss it. Careful using it if you use Jetpack, since I have not yet tested this; I would think you would have to whitelist their IPs or keep xml-rpc turned on.

    Rick
    Universal4

  5. The Following User Says Thank You to universal4 For This Useful Post:

    -Shay- (12 May 2016)
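
    The log check Rick suggests above (wp-login/wp-admin hits, xml-rpc POSTs, ?author=n enumeration, plus the WordPress 4.4 oEmbed routes that Shay suspects behind the phantom hits) can be scripted. The following is an added example, not code from this thread or from the WP Cerber plugin; the access-log lines are constructed sample data using RFC 5737 documentation addresses, and the per-IP thresholds are illustrative assumptions, not values anyone in the thread gave.

```python
"""Triage a web-server access log for the WordPress probes mentioned in the
thread: wp-login.php / wp-admin hits, xmlrpc.php POSTs, ?author=N user
enumeration, and the WordPress 4.4 oEmbed routes.

Added example; not code from the thread or from any plugin it mentions.
The log lines and thresholds below are constructed for illustration."""
import re
from collections import defaultdict

# Apache/nginx "combined" log format:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Probe classes: name -> (required method or None, path pattern).
# Order matters: the first matching class wins.
PROBES = {
    "login": (None, re.compile(r'^/(wp-login\.php|wp-admin/?)(\?|$)')),
    "xmlrpc": ("POST", re.compile(r'^/xmlrpc\.php(\?|$)')),
    "author_enum": ("GET", re.compile(r'^/(\?|.*[?&])author=\d+')),
    # /wp-json/oembed/1.0/embed and /<post>/embed/ are the WP 4.4 oEmbed routes
    "oembed": ("GET", re.compile(r'^(/wp-json/oembed/|.*/embed/?(\?|$))')),
}

# Illustrative per-IP thresholds (assumption; tune to your own traffic).
THRESHOLDS = {"login": 3, "xmlrpc": 2, "author_enum": 2}


def classify(line):
    """Return (ip, probe_name) if the line is a recognised probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    for name, (method, path_re) in PROBES.items():
        if method and m["method"] != method:
            continue
        if path_re.search(m["path"]):
            return m["ip"], name
    return None


def count_probes(lines):
    """Aggregate probe hits as {ip: {probe_name: count}}; clean traffic is dropped."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        hit = classify(line)
        if hit:
            ip, name = hit
            counts[ip][name] += 1
    return {ip: dict(per_class) for ip, per_class in counts.items()}


def flag(counts, thresholds=THRESHOLDS):
    """Return only the IPs whose count for some probe class meets its threshold."""
    flagged = {}
    for ip, per_class in counts.items():
        over = {n: c for n, c in per_class.items()
                if n in thresholds and c >= thresholds[n]}
        if over:
            flagged[ip] = over
    return flagged


# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2016:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/May/2016:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/May/2016:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2016:10:02:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.9"
198.51.100.7 - - [12/May/2016:10:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.9"
192.0.2.44 - - [12/May/2016:10:03:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.47"
192.0.2.44 - - [12/May/2016:10:03:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/7.47"
192.0.2.99 - - [12/May/2016:10:04:00 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fexample.com%2Fhello HTTP/1.1" 200 812 "-" "WordPress/4.5"
192.0.2.50 - - [12/May/2016:10:05:00 +0000] "GET /hello-world/ HTTP/1.1" 200 9821 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    counts = count_probes(SAMPLE_LOG.splitlines())
    for ip, over in sorted(flag(counts).items()):
        print("flagged", ip, over)
    embeds = {ip: c["oembed"] for ip, c in counts.items() if "oembed" in c}
    print("oEmbed fetches by IP:", embeds)
```

    On a live server, feed it `access.log` instead of SAMPLE_LOG. The oEmbed class is counted but deliberately not thresholded: a remote WordPress site fetching /wp-json/oembed/1.0/embed is the legitimate embed behaviour Shay describes, so it belongs in the summary rather than the block list, whereas repeated wp-login POSTs and ?author=n sweeps from one address are the pattern Rick says to look for before blaming the hits on embeds.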

  6. #4
    universal4 (Forum Administrator, joined July 2003)

    Here is a discussion on this at stack exchange
    http://stackoverflow.com/questions/5...ck-iframe-call

    Similar discussion at Complete Concrete Concise
    http://www.complete-concrete-concise...ide-of-a-frame

    And one at Stop Malvertising
    http://stopmalvertising.com/security...p-headers.html

    It appears all three state that X-Frame-Options works well.

    It seems there is a bit of debate at stack exchange over this, but the C.C.C site seems to state that it works without debate.

    Rick
    Universal4

    Side note: a few of the above articles are older so please post if this does not work.

  7. The Following 2 Users Say Thank You to universal4 For This Useful Post:

    -Shay- (12 May 2016), dfiocch (12 May 2016)
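
    Since the linked articles are older, the practical question is whether the header is actually being served after the htaccess change. The following is an added example, not code from this thread or the linked sites: it parses a raw response header block (as from `curl -sI`) and reports the effective framing policy, checking the Content-Security-Policy frame-ancestors directive first because browsers that support it let it override X-Frame-Options. The two header blocks are constructed samples and example.com is a placeholder.

```python
"""Decide whether a site's response headers stop third-party framing.

Added example, not from the thread or the sites it links. The header blocks
are constructed samples standing in for `curl -sI https://example.com/`
output; the hostname is a placeholder. The Apache directive that produces the
hardened block (requires mod_headers) is:
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Content-Security-Policy "frame-ancestors 'self'"
"""


def parse_headers(raw):
    """Parse a raw HTTP/1.x header block into {lower-cased name: value}.
    Repeated headers are joined with ', ', which is how browsers combine them."""
    headers = {}
    for line in raw.splitlines():
        if not line.strip() or line.upper().startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def framing_policy(headers):
    """Return (verdict, reason); verdict is blocked, same-origin, allowed or unclear."""
    csp = headers.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            if sources == ["'none'"]:
                return "blocked", "CSP frame-ancestors 'none'"
            if sources == ["'self'"]:
                return "same-origin", "CSP frame-ancestors 'self'"
            return "allowed", f"CSP frame-ancestors permits {sources}"
    xfo = headers.get("x-frame-options", "").strip().upper()
    if not xfo:
        return "allowed", "no X-Frame-Options or frame-ancestors header served"
    if "," in xfo:
        # Two different values (e.g. from both htaccess and a plugin) is a
        # misconfiguration; browsers do not agree on how to interpret it.
        return "unclear", f"multiple X-Frame-Options values: {xfo}"
    if xfo == "DENY":
        return "blocked", "X-Frame-Options DENY"
    if xfo == "SAMEORIGIN":
        return "same-origin", "X-Frame-Options SAMEORIGIN"
    if xfo.startswith("ALLOW-FROM"):
        return "unclear", "ALLOW-FROM is obsolete and ignored by current browsers"
    return "unclear", f"unrecognised X-Frame-Options value: {xfo}"


# Constructed: a stock install before any htaccess rule.
WEAK_HEADERS = """\
HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
"""

# Constructed: the same site after the two Header directives above.
HARDENED_HEADERS = """\
HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
"""

if __name__ == "__main__":
    for label, raw in (("before", WEAK_HEADERS), ("after", HARDENED_HEADERS)):
        print(label, framing_policy(parse_headers(raw)))
```

    One caveat worth knowing before applying SAMEORIGIN site-wide: the WordPress 4.4 embed feature that started this thread works by other sites loading your post in an iframe, so the same header that stops unwanted framing also stops those legitimate embeds of your own posts; that is a trade-off to decide deliberately rather than discover later.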
