Chit chat and shouldn't... What's up everyone, this is Jason Tucker, and this is WPwatercooler episode number 286. 286? 286, my first computer! 286, right? I didn't have no 88. Early Alex through the six style. And so did everyone... George Wright was going... I'm here this week. This week I guess... I normally work at Automattic, but I'm currently on sabbatical and I'm going back to work in like a week and a half. It's been that long already? Yeah, it began in June. I went out... Well, that is your life: when you're not working, you are working. I would just like to not be working my tail off, and I still can't believe it, whatever mode that is. Well, speaking... I would say about you... Us by yourself? Yeah, he didn't do that part. Okay, what do I do? I make WordPress... we tried... pristine... progressed... forget about WordPress. Of my mom, and with my mom, my mom wants to face... Do you watch during the show? Yes, she's my little nephew. Anyway, it's not interesting. What is interesting is the Steve... I am seizing on the founders, the interactive... in on any run the issue... WordPress knew that Jason... While river, river, did you see... So that's... also find your bridges and check on Twitter. My website is using her blog. I do know the show here on the network called the lab to free, go take a look at that. We happen on Thursdays, and we actually posted one on Wednesday this week because I was busy on Thursday. Like, the older you get, the more life starts happening. It's pretty insane. Like, you know what, screw schedules. For some reason we turned on the local news there and that's for weather, over to Jason for trapped... Exactly, read. Exactly right now, right. We're just trying to keep things alive and fresh.

So what's been critical about this particular, like, cold time of doing WPwatercoolers is that we spent all these episodes, probably the first like two hundred of them or so, two hundred fifty of them, pretty much coming up with the topic beforehand. We talked over the topic and we had it all figured out; we get all these people on regardless. Like, now we don't know... What show were you doing for the first few years there? But I don't really... like, we did plan topics. We had big... person of WordPress like for the first... fly by the seat of their pants. Now everything is like top down: this is what we are going to be doing in this release, in advance, and so forth. Rackley thing, would you like... does good work that you want to throw in there... are lots of sort of... The thing is that we did plan topics, and we stayed on topic for about a minute and fifteen seconds, and laughing, and it also didn't matter. That is why we gave up on the whole idea. That's why I have people that are like, "What's the topic this week? Maybe I want to be on the show," and I was like, you can always be on the show, just not with the topic, exactly because of that. And why I brought that up is the simple fact that we really don't have a topic figured out. We didn't even talk about anything during the pre-show. Russ was actually on the pre-show for a little while at a WordCamp, WordCamp... and they had people and speakers talking and all this in this big German stuff, so as not to... Yeah, he was gonna be on, but okay.

I have something I want to talk about right away. Right away! The latest, greatest hack come out where... well, we're... has its own... the old "where in the world": I'm in San Diego. Yeah, exactly. So there was a big old hack this week, and if, yeah, with this kind of malware... I don't know about this, I've not been paying attention, being in the closet, sabbatical, so explain for my sake and for the folks that are not tuned in, in the audience... Tell it. He's a really... what about that, can we hear more about the closet? Door, close the door. Okay. Okay, wait, so the hack: it was a redirect attack. If you want to see it, you got a lot... meeting does not come... this would take it off of there... LBC does occur... and you can see how it works, because it's still happening, right? So here's the deal though, what happened: it's a jQuery-based thing. It got in through Ultimate Member, which I've never used, so that's not how it got into me, and then... Ultimate Member and then some other thing. Anyway, then the jQuery files, but it's doing a redirect, so it's like that moves you. And I had multiple people, one person told me, they're like, "Is this supposed to be like this on a website?" Like, no! It's like, oh, I could not... a bunch of times. Oh no, okay, we should... don't do that, don't click the button. Well, like, and that explains so much about... like in the hopes that it, like phishing, not as hard as you can get it. And this is what we're talking about, a lot of where this... I thought you were talking about the WG... well, not our hack, the PHP hack. Oh yeah, I didn't hear about that, maybe probably because I wasn't affected. This is the tagDiv, here, like, themes, and Ultimate Member plugins; there's a blog post, I'll drop it into the show notes. I already... that hell, that's got... So it was a redirect, because what happened there, a site that I found that does it, that may or may not have mentioned, is that it asks you to set up a notifications thing, one is "allow," and there's two different sites it goes to... limits and all you want dot... on mine. You should never... I could think, I was gonna say this in case... Thanks. I don't use the media uploader. Okay.

Internet? Nope. A new thing to post news, like static HTML websites. I've heard enough. Then you're out. Anyway, so... but we should all go back to... school time... yes, text files with our own website, we're done. If you really want to be secure... anyway, the point is that that is one of those things, and so it gets into a site, and then it gets all into your whole account, and then you call your host, and, you know, I know that my host won't be able to help me with that, right? Like, I know that because... well, I don't necessarily know that, but you know, that's not quite a thing. That's why security... they want to charge you extra... make money, right? Right. But it is really, really annoying when you're paying your host, chat, and you're like, "Hey, so my entire account has been hacked, so like all ten or more sites that are on there now have this infection," and they're like, "Oh, that's really sad. Regrettably we can't help you. Here is a link." Blank. Well, the thing, if I were not... like, so I'm in the web space, I mean to say, is I know that that is what they're doing. Steve is dying right now. Just the winning team was made long... is that if I were a quote-unquote regular person, if I were normal, I would have messaged them about the thing, and that was my answer. Well, I was a little mad anyway, but like, I would be so mad. Yes. Yeah, you mad, bro? How so? It was before him... Do you value your website? Is it something that you value for doing business, making money on it? But you know, it depends what your website is, and he was like, you should spend the money for the proper hosting and monitoring that you need to, because these things will happen. Yeah. This account that I have is like my old, old account, I don't use these anymore, and I just have it there, and all of my newer stuff, it's all on my managed hosting or whatever, and then... anyway, I just kind of ignored it and had one site on it. It was using... and then bad practices. I did not... this is my fault.

If you're using a site that you value, right, you should have a decent host, right? A WordPress managed host might do some of that monitoring for you. You should have, hang on, on your host some sort of security monitor, like Sucuri or SiteLock or something along those lines, because they'll send you an alert when something like that happens. But you should have these things in place, right? So not every host is created equally. So a lot of hosts are gonna tell you, "Hey, we provide you the box, we provide you the rack," right, "the software is yours and your responsibility, you put it there." So... Hey, I have kids wanting... talking. Yes, I am busy, I can't right now. I got it... my mom... that news thing happened with the British guy, was he... when the nanny come running in... with his wife. And you're making assumptions. Most hosts aren't, or not lightly, or not so politely, gonna tell you the software is your responsibility, you put it there. No, I just said I accept responsibility for it, that is not the point. But Stephen was a one-click install, the game stream over, that happened after that. I know, I don't know, none of that is what I'm saying. What I'm saying is that there was not actually... it was completely like... so I know what to do, right? I do know what to do, and I just kind of went to my host, like, "Hey, you guys know about this?" You know what, I make sure I don't expect anyone else, because this is a large host. I'm not going to say their name. There was silence, mic pound. Okay, and I just... even... this is not good for, like, if this happened to someone's site who was a DIY or whatever.

Like, I just don't believe in self-hosting anymore. That's really what I'm coming out... I just need you guys to know that this is done. It's too crazy out there, and people who don't, like, "I can fix it," it's whatever, but like the people who don't have that, the business owners, whatever, they have to be an interesting mix, have to... there's too many threats, there's too much stuff going on, they need the support. If I were a regular person and I called, right, I found it and I would, you know, be really angry, and I would hate WordPress and all of those things. So I don't really know what my point is, total. My concern is what it is. Get insurance. You have a great, very valid point itself, for anybody, not saying it is, watching the water cooler right in there, and there are many people that are not set on one or two... Well, you should invest money in hosting if your website is something that you value, right? So you should be looking into a WordPress managed host, and there's lots and lots of good ones out there, but somebody that is going to take responsibility or at least ownership of a problem and help you through it if you're not technical, right? That's what a good host will do. Now they may not fix it for you, right... but they don't even do that, it was within me... they may give you some guidance as to where to look. Yeah, yeah, they said... I didn't need their, like, honestly, but they sent me there, like, it was like a "clean your site after a hack," like, "this is the latest article," ever, like how much it had, like, scripted it, and it was like all his stuff. But I would, like, to me it's two people have about who their customers are. Like the joke about when you see a spider in your house, the only way to get rid of it is to burn your house down and start over. But when you get a malware infection on your website, honestly that's not the worst idea in the world. I guess just moving... which necessarily... delete your entire site, database and everything, all right? Reinstall your core files, change your salts, get a new wp-config file, reinstall clean versions of all your plugins, delete the directories and put new copies of things there that you know are going to be not infected.

See now, if that had been in the article, I wouldn't have been quite as annoyed, because that's actually good advice. That's good, actionable advice that an everyday person can take. And again, I wasn't upset that they didn't give me advice I could use, because I know how to solve the problem, but like, maybe just think about how infuriating that would be for anyone else. And I think... I know that... I agree that that's everyday advice. I think George's advice is perfect, but half of our listeners, more than half of our listeners, all of them, tune out to that, because that's a very technical thing George just said, right? They don't understand what salts are, or were. That's true, because most of our listeners are not... I forgot he said salts. So George's advice is right, and there's plenty of great... on doing exactly that on the WordPress Codex there, but most are not technical enough to be able to do that. Yeah. And also, a lot of it... I absolutely adored the product Sucuri used to offer, which was just: if your site is hacked, go to them, pay them eighty bucks or something, they'll clean your site for you. They stopped offering that in favor of everything being like monthly plans, ongoing, for a lot of people, that are only now annual only, regardless, subscription-based, instead of actually "my site got hacked, please fix it for me now." And I used to recommend that all the time, people, my face, talk, "Okay, just call these people, it will get fixed." I don't know how... if their shop is good, but I don't know exactly if folks are willing to do that as much, so I wish there was another service, maybe one day, if anyone knows about one that's good, just like... will come in and cover most of the bases. Yeah, I was gonna recommend them. If you say... they're no longer around. Is there any service like that anymore? Maintainn got bought out by WebDev, and I don't think they do one-off fixes... but he's not here. Then I also don't know. I would like to know once I have something I can recommend to people. It doesn't exist right now. I really don't... from what I... as we should not... it is easily solved if you do a little bit of preventive maintenance and have backups through whatever provider you want. Make sure it's offsite backups, not through your hosting company, because if your hosting company turns on you, you don't wanna be locked into them having the only copy of your data.

And so what should you do to kind of make sure that sort of thing doesn't happen? Like, what's the name of the thing... backups. Backups. I mean, would like a web application firewall help with this? Like, having something that's gonna stand between you, your website, and the rest of the internet, to at least have a better way of, you know, kind of blocking any of these types of attempts... Yeah, see, that's the thing. Like, I am just physically, I'm taking all my sites onto a managed thing, I'm taking all my clients, like, done, to managed hosting. Like, this is it, this is where we are now, because unless you're a developer, self-hosting is too dangerous, and that's just what I recommend to all my clients, right? If you're hosting WordPress you should be on something like that in general, WP Engine or another. Yeah, I suppose, like, there's plenty of them out there; others just happen to be to the apartment. Yeah. Was as well, say they run with, instead of the actual names, and I don't know how you run that way, bubbles flew... Well, anyway, I think that having a few of these types of, you know, things to kind of make sure your site isn't going to have, you know, any issues, especially buying a good web host, if you're using the web application firewall, definitely do something like that. Don't have really lame passwords for any of your accounts on your site that can be enumerated, you know. Yeah, and just like George says, if something did happen, change the salts, because what the salts are going to do is make it so that if someone's already logged in, they won't continue to stay logged in. So that's good as well, rather peppers... Then I will out of a small towel... I'm a reader, it would do a shorter set, set about backups. I think backups are critical, right? And so George made a great point: not just at your host, you have a way to back up off... absolutely have a local copy of all of your code. On what, well dressed, well presence... so it's all remote, they have thirty days of backups, depending on the one you pay for it can either be daily or instant. Both presses been one of the most... this is the easiest to use, and I even had a client, a completely non-technical client, have an issue, and I had years... I helped her set up all press and whatnot, and she used the restore from ball past to put her own site back. She fixed her site, broken, and that is like, I know, like, it really works. The critical thing to a backup is the restore, right? With backups, if you can't restore, you've got problems. Yeah, I mean, we've done a lot of iteration on double press recently involving our faster restores, to make it much simpler and faster. Basically spot the point of the restore where you want to back up to. Yeah, no name, send custom fields and custom, although things hold everything. It's everything, it's all your files and your databases, so it literally, it's basically like an undo button. As I just wrapped my clients... include some scanning of the code of your site to see if there's any exploits or anything that I can spot, warn you that, "Hey, your site may have been compromised." That's awesome. Time has not stated, right, where you were something hidden in injected content, but the files, because they can get into the files, cannot restore, knows our... can still be there after you restored.

A case for this one: our code in the DB, or is this... and that includes actual files. So it added, there are codes in there. That's what I just said, there are codes in there. Now, hey George, did I find him, he got out for some... I don't know, I don't think it's... was it the PHP code execution that happened this... the last week, which is a more low-level thing, right? But yeah, it's a scary thing, because there actually is a way for hackers to get into that server side of your website, not just injecting malware on... So that's what I was paying attention to when that talk came out from Black Hat, right? Yeah, yeah. What does it do, in non-technical terms? What could they do? They take it over, do they exit at the bot, does it redirect? It's not redirecting, that's the... look, in it, essentially, from what I understand, chasing her from here, but it essentially gives them full access into your server and your database. Oh my god. Can you imagine if you had a conversation happening again? Yeah, yeah, yeah, yeah. Right now, if there is anyone listening, as an economist say, who's not on managed hosting, that's your job today, or also next week: find yourself a managed host, and most of them do free migration of your existing site. You know, you may have loyalty to your host, just freaking move, just do it, just move. Did you mention it? I do want to give a plug for WP Engine's migration tool, which is amazing, really, it's a one-click thing, it's really easy to do, it's great. But the host of the... a hack for the other four hack into the show notes, to compose people to read up on, but it's a scary one, and from what I understood, and give it a little bit later run, since this is not new, it's been around for a while, this has never been patched. Yeah, I know, without action, it was like a known vulnerability that was posted without having a patch, or just known, posted about it. This is a known vulnerability.

Yeah, I was listening to a show that I've been listening to for quite a few years now called Security Now. Security Now is owned by a company called GRC, which you can probably have gone to this website, it's probably the ugliest website I've ever gone to, because of just how old it is and how, like, he did all of the interface and everything looks. But the guy who runs it, Steve Gibson, he kind of goes through a bunch of security issues that come up, and every time Black Hat comes up he gets super excited about it, just because of all the crazy vulnerabilities that end up coming up. So I'm over on their show Security Now, which I have links to in the show notes here, and they actually do extensive show notes, to the point where they describe everything that everybody says, including all the links and everything. So forget that, from August twentieth, which was, yeah, go on, it says "security shortcomings... hackers explained... within WordPress PHP framework allowing all registered users without admin privileges run exploit..." Yeah, sounds good to me. Yeah, and that's the phar code, is the same stuff that's being used to be able to do a PC arable... he had WP-CLI. That's pretty interesting to see that. Yeah, I mean, that's kind of how the application's executed anyhow, because you're just executing PHP on the command line. Yeah, interesting stuff, and pretty, you know, these types of things. I mean, most of the hackers that are out there that find this type of stuff, they're not hackers but just like white-hat-type hackers, find this stuff and they responsibly go to the organizations that are running this and say, "Hey, I just found this thing, two weeks into the, you know, actually figure it out; if you can patch it, cool, if not I'm gonna go out to our bay and the rest of the world, hey, there's a vulnerability, let's go and have fun with it."

Well, down the stretch, gonna ask hunt down peaks, and so on... companies like Samsung, "Hey, hacker, go find vulnerabilities," and the number of that ever there, when they got older TVs were listening all the time, right? After that he was able to earn a bounty because he found that, two of something like several tens of thousands of dollars. I'm wondering if HackerOne.com is the one that a lot of folks use for bounty hunting, with the WordPress... I'm one of WordPress's bug bounties, Aaron Campbell... didn't WordPress start one of these? I might be confusing it... so late, Parker... yes. HackerOne is with the web, but they're not... yeah, hackerone.com/wordpress is where you get on. Yeah, he was like, yeah. And I know I'm not a hacker, I can't do this, I'm not actually there, I can't do it. I kind of feel like the bounties are like the people who pick up the birds in the lines, right, the good charge them and then set them free. It seems like everything is crowdsourced hacking repair, the, you know... I think we should have some sort of, like, we need to, like, the skin to con me in WordPress and how we can just, like, maybe just rent a WordPress website from minute men... in doing so, you know, .org is actually eligible for a bounty, they have a higher thing on here for, yeah, forgetting, .org is being eligible for all... I know we only have two minutes, but did you even think about how there's now ClassicPress? Did you know that? So there is a group of people who are forking WordPress at 4.9.8 and they're calling it ClassicPress, and they're like, no Gutenberg, there, like, never Gutenberg. I don't know, but I think so. But anyway, ClassicPress. Well, it was like to have a coffee-making stuff, yeah, yeah. I'll look at it in my... I was reading it on my phone this morning, it showed up. I guess when you fork something like this, you're gonna have to maintain it, so they're good, and they're definitely gonna... makes you know and need to actually maintain this code if they're serious about it.

WordPress to stay warm, good, stop, net days, and I'd like your person, because this opens up a whole parallel universe, is going to be happy strange. I don't know who's in charge of it; we can talk about it next week because I totally went up like two minutes. Also, a cooler house... a good guy, CP... I would have some disgruntled WordPress team lead that stay on target. It seems very like, refused to grow, like, come on. In names: fork of WordPress, wanted it without Gutenberg, focused on community-led development, that's also where, which, you know, finally launched. Steve, rather good... Are there any, like, Mondays that are available that we can start a ClassicPress meetup? I'm really excited about laurel press, is what it is. That's also one that frightens me, Mister. I'm... servers are... ClassicPress.net, I really want to... we had to go, right, is right here, you, that's it, we're done, much for the two of you. Wait, wait, wait, I just looked up ClassicPress... let on... what we're seeing is that press that... that does not appear to be at work. ClassicPress, it was made in, in verses, in WordPress, you... well, right, look alike, yeah, is... we'll have to figure out what I was thinking. Thank you very much for all you folks for being on the show, and go over to our website, wpwatercooler.com/subscribe, and subscribe to the stuff in audio and video format if you're brave. All thought, y'all later. By the way, BuiltWith does show the ClassicPress.net site is in WordPress, so that's good.
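The clean-up advice given above (reinstall core, swap in a new wp-config.php, change the salts so that anyone already logged in, the attacker included, is logged out) is the part most listeners would not know how to script. The following is an added example, not code from WPwatercooler, WordPress or any host, that rotates the eight WordPress salt constants in wp-config.php. It assumes the stock file layout: single-quoted `define( 'KEY', 'value' );` lines and the `/* That's all, stop editing!` marker; the sample config embedded in it is constructed, not taken from a real site. It does not remove injected code; it only invalidates every existing session cookie and nonce once the new file is live.

```python
"""Rotate the WordPress secret keys and salts in wp-config.php.

Added example; not code from WPwatercooler, WordPress, or any host.
Assumptions: the stock wp-config.php layout with single-quoted
define( 'KEY', 'value' ); lines for each salt constant, and the
"/* That's all, stop editing!" marker (both are assumptions about the file).
"""
from __future__ import annotations

import re
import secrets
import string
import sys
from pathlib import Path

# The eight constants WordPress mixes into auth/login cookie hashes and nonces.
SALT_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Letters, digits and punctuation that are safe inside a PHP single-quoted
# string literal (no quote characters, no backslash).
SALT_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}<>~,.;:/?|"
SALT_LENGTH = 64
STOP_MARKER = "/* That's all, stop editing!"


def generate_salt(length: int = SALT_LENGTH) -> str:
    """Draw a salt from the OS CSPRNG via secrets, never from random.random."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def _define_pattern(key: str) -> re.Pattern[str]:
    # Matches  define( 'AUTH_KEY', '...' );  with any amount of whitespace.
    # The quote before the key name keeps 'AUTH_KEY' from matching inside
    # 'SECURE_AUTH_KEY'.
    return re.compile(r"define\(\s*'" + re.escape(key) + r"'\s*,\s*'[^']*'\s*\)\s*;")


def rotate_salts(config_text: str) -> tuple[str, dict[str, str]]:
    """Replace every salt define() with a fresh value and add any that are missing.

    Returns the rewritten file text and a {KEY: new_value} map. Old values are
    never reused, so every existing login cookie (including an attacker's)
    stops validating once the new file is live.
    """
    new_values = {key: generate_salt() for key in SALT_KEYS}
    missing = []
    for key, value in new_values.items():
        line = f"define( '{key}', '{value}' );"
        # A replacement function sidesteps backslash/group processing in re.sub.
        config_text, count = _define_pattern(key).subn(lambda _m: line, config_text, count=1)
        if count == 0:
            missing.append(key)
    if missing:
        block = "".join(f"define( '{k}', '{new_values[k]}' );\n" for k in missing)
        # Salts must be defined before wp-settings.php loads, so insert them
        # ahead of the stop marker, else ahead of the require_once, else append.
        cut = config_text.find(STOP_MARKER)
        if cut == -1:
            cut = config_text.find("require_once")
        if cut == -1:
            config_text = config_text.rstrip("\n") + "\n" + block
        else:
            config_text = config_text[:cut] + block + config_text[cut:]
    return config_text, new_values


# Constructed sample wp-config.php fragment (not from any real site): the
# placeholder salts WordPress ships with, and NONCE_SALT deliberately missing
# to exercise the insert path.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
$table_prefix = 'wp_';
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""


def rotate_file(path: Path, backup: Path) -> dict[str, str]:
    """Rewrite wp-config.php in place after copying the original to `backup`.

    Put the backup outside the web root: a wp-config.php.bak next to the site
    is served as plain text by many servers and leaks the database password.
    """
    original = path.read_text(encoding="utf-8")
    updated, new_values = rotate_salts(original)
    backup.write_text(original, encoding="utf-8")
    path.write_text(updated, encoding="utf-8")
    return new_values


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: rotate_salts.py /path/to/wp-config.php /outside/webroot/wp-config.bak")
    rotated = rotate_file(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"rotated {len(rotated)} salts; all WordPress sessions are now invalid")
```

Run it as `python3 rotate_salts.py /var/www/site/wp-config.php /root/wp-config.bak` after the core and plugin files have been replaced with clean copies; rotating the salts first does nothing about a backdoor that can simply read the new values out of the file.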
On this episode of WPwatercooler we talked about WordPress hacks.
- How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign • The Register
- Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins
- New PHP Code Execution Attack Puts WordPress Sites at Risk
- Black Hat 2018
- Security Now Podcast
- So phar, so FUD
- Bug Bounty - Hacker Powered Security Testing | HackerOne
Editor’s Note: Transcriptions of episodes are created with a mix of speech recognition software and human transcribers, and may contain some grammatical errors or slight deviations from the audio.