Malicious SEO Campaign Affecting Over 15,000 WordPress Sites Discovered


WordPress is currently one of the most used tools in the creation of websites thanks to the variety of options it presents and the ease of use it provides to carry out any project in the online world.

However, like everything digital, WordPress is also susceptible to attack by hackers.

This time, a new malicious SEO campaign was revealed that affected more than 15 thousand websites built with WordPress. Its aim is to redirect the users of these pages to fake question-and-answer sites in order to increase the number of visitors those sites receive.

All of this is part of a redirect campaign carried out using black hat practices, which made it possible to compromise the integrity of thousands of web pages in order to raise the rank of fake websites.

Since September, the security company Sucuri had detected an increase in the number of WordPress sites hit by malware redirects, with more than 2500 sites recorded as successfully attacked by October.

So far Sucuri has found 14 fake websites, although the servers where they are hosted could not be identified because they are hidden behind a proxy.

It is worth mentioning that the questions displayed on fake websites are obtained from other legitimate ones, which favors their positioning and makes them accessible to more people.

In addition, the fake websites may be able to spread malware to visitors through modifications made to more than 100 infected files, which is somewhat uncommon, since it makes detection and removal easier.

On the other hand, it was determined that most of the infected files belonged to the WordPress core, although another series of .php files was also observed, which turned out to be among the most infected and are listed below:

  • ./wp-signup.php
  • ./wp-cron.php
  • ./wp-links-opml.php
  • ./wp-settings.php
  • ./wp-comments-post.php
  • ./wp-mail.php
  • ./xmlrpc.php
  • ./wp-activate.php
  • ./wp-trackback.php
  • ./wp-blog-header.php

Sucuri also reported files dropped by the attackers themselves under names meant to pass as legitimate, these being the following:

  • php
  • php
  • wp-newslet.php
  • wp-ver.php
  • wp-logln.php
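
The two lists above can be turned into a quick integrity check. The following is an added example, not code from Sucuri or from this article: it assumes a clean copy of the same WordPress version has been extracted next to the live site, and the function names `audit` and `demo` are hypothetical. It hashes the listed core files against the clean copy and flags root-level PHP files that the clean copy does not contain.

```python
import hashlib, tempfile
from pathlib import Path

# Core files the article lists as most often infected.
CORE_TARGETS = ["wp-signup.php", "wp-cron.php", "wp-links-opml.php", "wp-settings.php",
                "wp-comments-post.php", "wp-mail.php", "xmlrpc.php", "wp-activate.php",
                "wp-trackback.php", "wp-blog-header.php"]
# Attacker-dropped names from the article (the two entries shown only as "php" are left out).
DROPPED_NAMES = {"wp-newslet.php", "wp-ver.php", "wp-logln.php"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(site_root, clean_root):
    """Compare a live WordPress root with a clean copy of the same version."""
    site, clean = Path(site_root), Path(clean_root)
    report = {"modified": [], "missing": [], "dropped": [], "unknown": []}
    for name in CORE_TARGETS:
        live, ref = site / name, clean / name
        if not ref.is_file():
            continue  # not shipped in this version, nothing to compare against
        if not live.is_file():
            report["missing"].append(name)
        elif sha256(live) != sha256(ref):
            report["modified"].append(name)
    for php in sorted(site.glob("*.php")):
        # wp-config.php is generated at install time, so no clean archive contains it
        if (clean / php.name).is_file() or php.name == "wp-config.php":
            continue
        report["dropped" if php.name in DROPPED_NAMES else "unknown"].append(php.name)
    return report

def demo():
    """Audit two constructed directory trees (sample data, not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            root.mkdir()
            for name in CORE_TARGETS:
                (root / name).write_text("<?php // pristine " + name)
        (site / "wp-config.php").write_text("<?php // local settings")
        (site / "wp-cron.php").write_text("<?php /* changed */")
        (site / "wp-mail.php").unlink()
        (site / "wp-logln.php").write_text("<?php // stand-in")
        (site / "helper.php").write_text("<?php // stand-in")
        return audit(site, clean)

if __name__ == "__main__":
    print(demo())
```

On hosts with WP-CLI installed, `wp core verify-checksums` performs the core-file comparison against the official checksums for the installed version.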

So far it has not been possible to determine the specific way in which these black hat hackers execute their attack on these WordPress sites, although it is suspected that they do so through a vulnerable plugin or a brute force attack.

Brian Adam