WordPress under attack: Types and Purposes

The moment you start thinking “why attack my little website?” is the moment you need to learn a bit more about how part of the internet works. There are spammers out there, for instance, who will attack your website in order to post comments with specific language on your blog posts or pages, hoping to gain some exposure and visibility on the web.

There are other spammers who will post links to their own websites on your website so they get traffic, or who get your visitors to click those links in order to direct them to their websites and carry out other actions there. So what are the general types of attacks a WordPress website can face?

Most are common to all websites, and here is a list to start with:

Spam Comments

The simplest form of attack is when someone posts comments on your blog posts or WordPress pages, mainly to do two things:

Add text with some language about a product, a company or a service so they get exposure to your visitors and maybe some visibility in search engines. If your website is in a good “relationship” with search engines, then they could benefit from people finding your website, reading the comments and thus seeing their info too.

Add a link to a comment on your blog posts or pages in order to lure visitors to their own websites after they click those links. When users are directed to the spammers’ websites, the spammers mainly either advertise something or pass malware on to the users, trying to infect their computers with various types of viruses, keyloggers for instance.

On WordPress websites that are not updated or set up to handle such spammy comments, this is the most common phenomenon.

Defacements

The next common type of attack is called “defacement”. It is about removing the standard homepage of a website and replacing it with another one. This means that when a user accesses your website, they will not see your homepage but the one the attackers replaced it with. Why? So they can pass on a message, mostly political. For instance, you will see homepages being defaced with other homepages about various criminal groups or para-political groups.

This is a far more serious type of attack than spamming, because to carry it out the attackers need deeper access to your website or your web server. Defacements are relatively easy to remedy, especially if your web server keeps backups of your website.

The most common reason defacements succeed is bad file permissions on your web server. If you allow your folders to be written by the “world” or “everyone”, then defacements are a real piece of cake to do.
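As an added example (not part of the original article), the following Python audit lists every file and folder under a site root that has the "world" write bit set, which is the permission problem described above. The sample tree and its file names are constructed for the demonstration; point find_world_writable at your own site root to use it.

```python
import os
import stat
import tempfile

def find_world_writable(root):
    """Return sorted (relative path, mode string) pairs for entries under
    root that anyone on the server may write to. Root itself is not checked."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:  # the "other"/"world" write bit
                rel = os.path.relpath(full, root)
                findings.append((rel, stat.filemode(st.st_mode)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout, loosely shaped like a WordPress install."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    index = os.path.join(root, "index.php")
    config = os.path.join(root, "wp-config.php")
    for path in (index, config):
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n")
    os.chmod(index, 0o666)    # weak: anyone can overwrite the homepage
    os.chmod(config, 0o640)   # fine: no access for "other"
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)  # weak: anyone can drop files here

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_world_writable(root)

if __name__ == "__main__":
    for path, mode in demo():
        print(mode, path)
```

Anything this reports should have its write access for "other" removed unless there is a specific reason for it.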

Malware infection and injections

The next common type of attack, far more sophisticated than the previous two, is malware infection of your website. In layman’s terms, your website is hacked in order to inject malicious code into its various sections, which will run every time a user visits those sections. When the code runs, it will “connect” to various malware servers around the web and “stream” data to your visitor’s computer, which will eventually form a local virus on their computer.

Viruses generated by such a “stream” include keyloggers, which log the user’s keystrokes and then send them to their owners; spyware, which records and sends the user’s data; adware, which pops up ads on the user’s computer; and more. Depending on the user’s operating system and level of antivirus and antimalware protection, those may succeed or not.

For the attacker to carry out such attacks successfully, two possible reasons should be taken into consideration:

1. Your website contains plugins or themes that are unpatched, old or badly built, making them vulnerable and easy to hack. In such cases, a plugin or a theme has a security “hole” which the attacker finds and uses to gain remote access to your website’s file structure on your web server. By using sophisticated software, the attacker is then able to write to your web server, and so can edit your website’s code (remember that WordPress is open source) or create more code files which together make up the larger picture.

2. Your web server security is bad and your administration username and password are weak and easy for an attacker to guess. If this is the case, then the attacker can gain high-level access to your server, which means they get the full management options and can do almost anything they want on your website.

If this is the case, then your website is either a target of a larger-scale attack that leverages a well-known security loophole in the WordPress platform or in a popular plugin that you use, or your website has been a real and important target for such an attack. For the attack to succeed, more effort has been put in by the attacker, as this is a deep attack which infects your website at its core. As you can guess, this is one of the most difficult situations to remedy.

DOS and DDOS

This is the situation when lots of “agents” attack your website in order to make it fail and not load. This is why DoS stands for Denial of Service attack. In simple words, your website is requested by too many sources at the same time, your web server tries to cope but cannot (because it has limited resources it cannot exceed), and eventually the server fails, making your website inaccessible for some time, until the server can handle the requests again. This attack does not imply your website has been compromised as far as its security is concerned, but there are things you can do on your website to better handle such cases.

A DDoS attack is a DoS attack taken to the next level. It stands for Distributed Denial of Service attack, and it is a DoS attack multiplied by X. In DoS, one single computer or a small cluster of computers requests your website until it drops. In DDoS, thousands or even millions of computers perform this action simultaneously from around the world. DDoS attacks mainly target bigger websites or data centers as a whole.

In order to protect your website from DDoS attacks, you can perform some security hardening on it which will “behave” like a firewall, stopping the attackers once it recognizes an attempt at such an attack.

Brute Force Admin area hacking

In this case, a hacker tries to enter your admin area, which is wp-admin on most WordPress websites, in order to gain access to your back end. By doing this, they can perform various tasks such as editing content, adding malicious code, installing malicious plugins and more. By no means should anyone else enter your website’s admin area, just as they should not access your web server’s management area, or all doors are open to them.

This attack’s success rests on the fact that most website administrators do not pay attention to how they choose their usernames and passwords. Weak and obvious passwords are the most common reason. We will see how to avoid such attacks later in this document.

Other types of attacks

The aforementioned attacks are active attacks that someone carries out. There are also cases where you passively fall victim to an attack without knowing it. For instance, storing your passwords in plain text in your email client, storing them in an SMS on your phone, or saving them on your desktop will make your attacker’s life easy if your computer, phone or email client is not very well secured.

Also, there is something from the “old days” called “social engineering”, where a “technician” calls you or sends you an email (phishing) asking you for your credentials in order to perform “standard maintenance” or “some critical fixes” and so on.
