Security researchers at Wordfence are reporting that thousands of hacked home routers are attacking WordPress sites. Wordfence firewall and malware scanner products are in use on more than 2 million WordPress sites and the company estimates that 6.7% of all attacks on these sites are coming from hacked home routers.
“In the past month alone we have seen over 57,000 unique home routers being used to attack WordPress sites,” Wordfence CEO Mark Maunder said. “Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras, wifi climate control and any other devices that use the home WiFi network.”
Maunder said his team has mostly seen brute force attacks targeting both wp-login.php (the traditional login endpoint for WordPress) and also XMLRPC login. They have also seen a small percentage of complex attacks. Wordfence has detected a total of 67 million individual attacks from the routers the company identified in March.
While Wordfence researchers were creating their monthly attack report, they noticed that Algeria had jumped in rankings from position 60 to 24 in thier “Top Attacking Countries” list. Their review of attack data in Algeria revealed a ‘long tail’ of more than 10,000 attacking IPs originating from an Algerian state owned ISP.
A vulnerability known as “misfortune cookie” is being used in these attacks. It hijacks a service that ISP’s use to remotely manage home routers by listening on port number 7547. ISP’s should close general internet access to this port, but many have not.
“It appears that attackers have exploited home routers on Algeria’s state owned telecommunications network and are using the exploited routers to attack WordPress websites globally,” Maunder said.
Wordfence researchers scanned the devices to find out what services they are running and found that they are Zyxel routers usually used in a home internet setting. They found that many of them have a severe and well-known vulnerability in RomPager, the embedded web server from AllegroSoft.
“We then dug deeper and discovered that many ISPs around the world have this same issue and those routers are attacking WordPress sites via brute force attacks,” Maunder said.
I spoke with Tony Perez, CEO of Sucuri to see if his team has detected anything similar. Sucuri also tracks WordPress brute force attempts, but Perez said current numbers are not remarkable when compared historically to mid-2016.
“I think the reason Sucuri and other companies are not seeing this is because it is a weak ranking signal for malicious behavior,” Maunder said. “As we point out in the report, each of these IPs is only doing between 50 and 1000 attacks per month on sites. They also only attack for a few hours each. These combined are a very weak ranking signal for malicious behavior. That low frequency also makes the attacks more effective because they are less likely to be blocked.”
This particular security issue is unusual in that the vulnerability is with the routers, not with WordPress itself. The attackers bulk hack thousands of devices, upload a WordPress attack script and a list of targets, and then they have thousands of routers under their control to attack WordPress sites.
This type of botnet isn’t terribly uncommon, as security researchers from from ESET recently uncovered a new malware called Sathurbot that uses torrent files as a method of distributing coordinated brute-force attacks on WordPress sites. The vulnerability in this instance is not in the software but rather in weak WordPress administrator accounts.
Protecting against brute force attacks starts with a strong administrator password. There are also many popular plugins, such as Shield Security, the Jetpack Protect module, iThemes Security, and Wordfence, which offer protection from brute force attacks.
If you want to make sure your router is not vulnerable to being recruited for these attacks, Wordfence has created a tool that makes it easy to check. It detects whether your home router has port 7547 open or if it’s running a vulnerable version of RomPager. If you find that your router is vulnerable or port 7547 is open, Wordfence has published instructions for how to secure your device.
Article by Wp Tavern
As elections approach in #kenya software developers have come up with an Election Campaign Management System which will effectively manage the campaign trail finances. Some of the key features include:
The ECMS has the following Key features:-
1. Voter Database The voters database is a critical component of the Application System which allows the campaign team to load new voter information via the UI (user Interface forms that have been designed well to give a good user Experience to the user) The Voter database has external APIs that enable external voter data to be automatically on the voters database after passing a certain criteria.
2. Volunteer Management Generally electoral constituencies are consists with many areas. Through Area module, user can make a database of all areas.
3. Volunteer Management Volunteers provide the campaign team energy where individuals can express their support directly to the Candidate and they can also be allocated to various campaigning tasks. The Volunteers can also receive bulk messaging services.
4. Team Coordination In an election team coordination is the strength of the campaign. A campaign team that is well coordinated has very high chances of winning elections. The Team coordination module provides a platform where the team can organize their daily activities and coordinate where collective efforts are required by providing a synchronized calendar for all the campaign period activities. Teams can be created with volunteers.
5. Campaign Analysis The System analyses the campaign activities and provides a comprehensive reports that can be used for the decision making processes. Basically a SWOT Analysis for the candidate. It will help to track development stages of an ongoing campaign.Customization can also be done according to the clients requests.
6. Expense Management and date-to-date Report. Expense management where the campaign funds can be tracked on the various activities that are being recorded on a day to day basis.
7. Bulk SMS for Voters and Volunteers The System also provides a communication platform where the campaign team
For more consult us if interested in the software to manage your campaign trail!!
This first step isn’t mandatory, but it’s a good idea: back up your computer. If you can, make sure that all of your most important files are saved outside of your PC. More than likely you aren’t going to need this, but it’s better to have it in the event that something goes wrong.
Once Windows 10 starts installing, you’re almost set. Depending on how new your computer is, this could take anywhere from 20 minutes to an hour or longer, but there isn’t that much for you to do aside from click “Next” a few times.
Click Next, check off some settings, and you’re basically good to go
Eventually, the Windows 10 installer will ask you to configure some settings. It’ll offer you the option to customize the settings or to choose what Microsoft calls “express settings.” We’d recommend clicking customize — it won’t take more than a couple minutes longer, and there are some options that you may want to change. That includes how Windows handles location privacy, ad tracking, browser settings, and whether or not your computer automatically connects to open hotspots.
Once you’re through that, the installer will finish setting things up and bring you to the desktop. From there, you’re very nearly good to go. You’ll want to run Windows Update one final time to make sure that you aren’t missing any recent updates or drivers specific to your computer. And that’s it — once you’re sure everything’s up to date, you’re good to go: Ask Cortana a question. Stare at the beauty of the Start menu. Annotate something in Edge. And enjoy the rest of the new but familiar world that is Windows 10.
1) Put your router near the center of your house
A router sends out signals in all directions, so putting it in a corner of your house or apartment — or near a window — means that a significant amount of its signal is wasted.
You might only have a network connection in one spot, but long network cables can be pretty cheap, and moving your router can dramatically improve performance.
2) Lift your router up off the ground
There are two reasons why it’s not a ideal to have your router directly on the floor.
One is that most are designed to broadcast signals slightly downward as they travel from its antenna. Additionally, they can’t easily penetrate some solid materials — metal, concrete, and cement — which may be present in your floors.
As a result, experts recommend having your router at least a few feet off the ground — perhaps on a table or bookshelf. This is also why you shouldn’t put it in the basement, especially if you have a multi-story house and a concrete foundation.
3) Put router in a room where you often use the internet
Regardless of where you put your router, the signal will be strongest in the room it’s in. So ideally, you can put it in a spot that’s relatively near the center of your house and a room in which you actually use WiFi-connected devices.
4) Keep your router out in the open
Because the router’s signal can be absorbed by many materials, you want to have it out in the open as much as possible. In other words, don’t hide it away in a closet, or stick it in between a big piece of furniture and a wall.
Radio waves travel best through open air, so sight lines are a good clue here: if you can see the router from far away, and from many different angles, you’re using it efficiently.
5) Keep the router away from other electronics
All sorts of electronic devices can interfere with your router’s signal: microwaves, TVs, cordless phones — essentially, anything that generates an electromagnetic signal or has a motor. This is why sandwiching it between home entertainment components, beneath your TV, is not a good idea. In general, keep it away from other electronics.
Large metal objects (like mirrors or filing cabinets) and water (like, say, a fish tank) can also block the signal, and should be avoided.
6) Position the antennas vertically
The router’s signal spreads out in the direction perpendicular to that of the antennas. In other words, vertically-oriented antennas will broadcast the signal horizontally, covering more of your house. (On the other hand, if you were more concerned about broadcasting the signal to multiple floors, but a smaller area of each one, you could turn the antennas horizontally.)
7) Measure your signal strength
There are a number of apps — like Cloudcheck or Amped’s Wi-Fi Analytics — that allow you to map your WiFi signal throughout your house, and figure out where it’s weak. This can give you some clues on how to better position your router.
8) Configure the router’s software
In some cases, there are software tweaks you make to improve your WiFi network.
To configure the software, you usually need to enter a specific IP address in your web browser (look on the bottom of the router or just search for your router’s brand name to figure out what that is). Once you’re in the settings, there are two useful things you can try.
One is changing the channel that the router operates on. This is less of an issue for newer routers, but older ones can often cause interference with each other (especially in crowded urban areas with lots of networks), and changing the frequency channel is a way to solve it. These older routers operate at 14 different frequencies — numbered 1 through 14 — and channels 1, 6, and 11 are generally best, because they overlap the least with other channels, causing less interference. The default is usually channel 6, and if you’re having signal problems, try each of them.
Another option is upgrading the router’s software (which is actually called firmware). This won’t be possible for all routers, but for some older ones, manufacturers put out free firmware upgrades from time to time, and these can improve performance. Search for your router model to see if there’s one out there for you.
9) Check to see if your internet service provider is the problem
A simple way of confirming that your router is the problem — and not your actual internet provider — is running a speed test under two conditions: over the WiFi, and with your computer plugged directly into the router via an Ethernet cord.
If they’re both slow, then talking to your ISP or upgrading your plan might help. If the WiFi speed test is much slower, then your router itself is likely the problem.
10) If all else fails, buy new equipment
If you’re still experiencing network problems that weren’t solved by any of these free fixes, upgrading to a new router can make a huge difference, as the technology used to broadcast signals has changed a lot over the years. The Wire cutter has a great buying guide for routers.
You might also try upgrading your current router with a more powerful antenna, though only some routers will let you do this. Finally, to extend your router’s range, you can buy a repeater — a device that picks up your current network and broadcasts it again. It won’t increase your total bandwidth at all, but will spread your network more widely.
Facebook is getting into the job market to take on LinkedIn. Yes, you heard me right. In the next few weeks, Page admins in the U.S. and Canada will now be able to post jobs right on Facebook and receive applications through Facebook Messenger.
Should we be surprised? No. For years now, there has been speculation that the giant social network would take advantage of its huge audience to take on LinkedIn which currently has more than 470m users worldwide and claims to be the biggest professional network on the planet. Well, Facebook has finally decided to do that.
Currently Facebook boats of more than 65 million businesses using its Pages products, and you will all agree with me that it’s much cheaper more sociable to maintain Facebook business Pages than maintaining a website. This new feature according to Facebook, will help businesses find qualified people where they’re already spending their time—on Facebook and on mobile. It is especially aimed at small and medium-sized business that are always finding it hard to find the right people to recruit.
With this feature, it will also be easy for Page admins to create a job post, track applications and communicate directly with applicants. And as with other posts, they can also boost job posts to reach a larger or more relevant audience.