Technology News

Rise of The Hackers

Security researchers at Wordfence are reporting that thousands of hacked home routers are attacking WordPress sites. Wordfence firewall and malware scanner products are in use on more than 2 million WordPress sites and the company estimates that 6.7% of all attacks on these sites are coming from hacked home routers.

“In the past month alone we have seen over 57,000 unique home routers being used to attack WordPress sites,” Wordfence CEO Mark Maunder said. “Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras, wifi climate control and any other devices that use the home WiFi network.”

Maunder said his team has mostly seen brute force attacks targeting both wp-login.php (the traditional login endpoint for WordPress) and also XMLRPC login. They have also seen a small percentage of complex attacks. Wordfence has detected a total of 67 million individual attacks from the routers the company identified in March.

While Wordfence researchers were creating their monthly attack report, they noticed that Algeria had jumped in rankings from position 60 to 24 in thier “Top Attacking Countries” list. Their review of attack data in Algeria revealed a ‘long tail’ of more than 10,000 attacking IPs originating from an Algerian state owned ISP.

A vulnerability known as “misfortune cookie” is being used in these attacks. It hijacks a service that ISP’s use to remotely manage home routers by listening on port number 7547. ISP’s should close general internet access to this port, but many have not.

“It appears that attackers have exploited home routers on Algeria’s state owned telecommunications network and are using the exploited routers to attack WordPress websites globally,” Maunder said.

Wordfence researchers scanned the devices to find out what services they are running and found that they are Zyxel routers usually used in a home internet setting. They found that many of them have a severe and well-known vulnerability in RomPager, the embedded web server from AllegroSoft.

“We then dug deeper and discovered that many ISPs around the world have this same issue and those routers are attacking WordPress sites via brute force attacks,” Maunder said.

I spoke with Tony Perez, CEO of Sucuri to see if his team has detected anything similar. Sucuri also tracks WordPress brute force attempts, but Perez said current numbers are not remarkable when compared historically to mid-2016.

“I think the reason Sucuri and other companies are not seeing this is because it is a weak ranking signal for malicious behavior,” Maunder said. “As we point out in the report, each of these IPs is only doing between 50 and 1000 attacks per month on sites. They also only attack for a few hours each. These combined are a very weak ranking signal for malicious behavior. That low frequency also makes the attacks more effective because they are less likely to be blocked.”

This particular security issue is unusual in that the vulnerability is with the routers, not with WordPress itself. The attackers bulk hack thousands of devices, upload a WordPress attack script and a list of targets, and then they have thousands of routers under their control to attack WordPress sites.

This type of botnet isn’t terribly uncommon, as security researchers from from ESET recently uncovered a new malware called Sathurbot that uses torrent files as a method of distributing coordinated brute-force attacks on WordPress sites. The vulnerability in this instance is not in the software but rather in weak WordPress administrator accounts.

Protecting against brute force attacks starts with a strong administrator password. There are also many popular plugins, such as Shield Security, the Jetpack Protect module, iThemes Security, and Wordfence, which offer protection from brute force attacks.

If you want to make sure your router is not vulnerable to being recruited for these attacks, Wordfence has created a tool that makes it easy to check. It detects whether your home router has port 7547 open or if it’s running a vulnerable version of RomPager. If you find that your router is vulnerable or port 7547 is open, Wordfence has published instructions for how to secure your device.

 

Article by Wp Tavern

Read More

By goonmim@admin
Election Campaign Management System

As elections approach in #kenya software developers have come up with an Election Campaign Management System which will effectively manage the campaign trail finances. Some of the key features include:

The ECMS has the following Key features:-

1. Voter Database The voters database is a critical component of the Application System which allows the campaign team to load new voter information via the UI (user Interface forms that have been designed well to give a good user Experience to the user) The Voter database has external APIs that enable external voter data to be automatically on the voters database after passing a certain criteria.

2. Volunteer Management Generally electoral constituencies are consists with many areas. Through Area module, user can make a database of all areas.

3. Volunteer Management Volunteers provide the campaign team energy where individuals can express their support directly to the Candidate and they can also be allocated to various campaigning tasks. The Volunteers can also receive bulk messaging services.

4. Team Coordination In an election team coordination is the strength of the campaign. A campaign team that is well coordinated has very high chances of winning elections. The Team coordination module provides a platform where the team can organize their daily activities and coordinate where collective efforts are required by providing a synchronized calendar for all the campaign period activities. Teams can be created with volunteers.

5. Campaign Analysis The System analyses the campaign activities and provides a comprehensive reports that can be used for the decision making processes. Basically a SWOT Analysis for the candidate. It will help to track development stages of an ongoing campaign.Customization can also be done according to the clients requests.

6. Expense Management and date-to-date Report. Expense management where the campaign funds can be tracked on the various activities that are being recorded on a day to day basis.

7. Bulk SMS for Voters and Volunteers The System also provides a communication platform where the campaign team

For more consult us if interested in the software to manage your campaign trail!!

Read More

By goonmim@admin
8 Ways To Drive Traffic To Website

Read More

By goonmim@admin