
Cybercriminals Hijack WordPress Websites with Free Premium Plugins

Discussion in 'Security Updates' started by snoopy, Mar 29, 2014.

  1. snoopy

    snoopy Registered Members

    There are a number of websites that offer premium WordPress plugins for free. However, experts warn that these “free” plugins can actually come at great cost.
    Researchers from Sucuri have analyzed a number of premium WordPress plugins that are offered for free on various websites such as wplist.org, wplocker.com and others.

    For instance, the SEOPressor plugin, which is normally priced starting at $47 (€34), has been found by Sucuri experts on the website of a customer. However, the plugin version in question wasn’t the genuine one.

    Instead, it contained code that allowed its creator to hijack the website on which it was installed. After decoding the obfuscated code, experts found instructions to create a new WordPress administrator account with the username “wordpress” and the password “gh67io9Cjm.”

    Once it’s installed on a website, the plugin sends an email to the hacker to let him know that the site has been compromised. Then, the attacker loads the blog with the ?cms=jjoplmh parameters in the URL. This triggers the creation of the new administrator account.

    After that, the cybercriminal can log in to the administration panel and do whatever he wants.


    More details here: http://news.softpedia.com/news/Cybe...bsites-With-Free-Premium-Plugins-434616.shtml
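
A detection sketch for the two indicators named in the post above (the `?cms=jjoplmh` trigger request and the administrator account named "wordpress"), added here as an example and not part of the original post or of Sucuri's analysis. The log lines and user export are constructed sample data, and the CSV column names `user_login` and `roles` are assumptions about how the user list was exported.

```python
import csv
import io
import re
from urllib.parse import urlsplit, parse_qs

# Indicators as reported in the post.
TRIGGER_KEY, TRIGGER_VALUE = "cms", "jjoplmh"
ROGUE_ADMIN = "wordpress"

# Start of a Combined Log Format line: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_trigger_hits(lines):
    """Return (timestamp, ip, target, status) for requests carrying the trigger."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # parse_qs percent-decodes values, so cms=%6Ajoplmh is caught as well.
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if TRIGGER_VALUE in params.get(TRIGGER_KEY, []):
            hits.append((m["ts"], m["ip"], m["target"], int(m["status"])))
    return hits

def find_rogue_admins(users_csv):
    """Return logins that match the reported account name and hold the admin role."""
    flagged = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        roles = [r.strip() for r in row["roles"].split(",")]
        if row["user_login"].lower() == ROGUE_ADMIN and "administrator" in roles:
            flagged.append(row["user_login"])
    return flagged

# Constructed sample data (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Mar/2014:10:01:12 +0000] "GET /?p=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Mar/2014:10:02:40 +0000] "GET /?cms=jjoplmh HTTP/1.1" 200 4312',
    '203.0.113.9 - - [29/Mar/2014:10:03:05 +0000] "GET /blog/?x=1&cms=%6Ajoplmh HTTP/1.1" 200 4312',
    '198.51.100.7 - - [29/Mar/2014:10:04:00 +0000] "GET /?cms=other HTTP/1.1" 200 5120',
]
SAMPLE_USERS = "user_login,roles\nalice,administrator\nwordpress,administrator\nbob,editor\n"

if __name__ == "__main__":
    for hit in find_trigger_hits(SAMPLE_LOG):
        print("trigger request:", hit)
    print("suspicious admin accounts:", find_rogue_admins(SAMPLE_USERS))
```

A hit in either check only shows that the indicators from this one sample are present; a repackaged plugin with a different parameter or username would pass both.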
     
