There was an extremely annoying hack of IT sites this week. As far as I can make out, one of the plugins that is used for Word Press sites was maliciously altered, so that everyone who had it installed got unwanted attacks on their websites.
A plugin is a small piece of software that helps Word Press users add functions to their sites without having to create the programming code themselves. You can get plugins for contact forms, for selling Amazon items, for securing your site, etc. The plugin that was affected was WP GDPR.
The plugin was a fairly new one because it was created to help website owners deal with the new legislation on GDPR that was made in the European Union earlier this year. Plugins are put into the WordPress repository to show only approved ones to WP users. While this plugin was in the WordPress repository, for some reason it was removed from it, possibly because it had not been updated and in the short while between being rremoved from the repository and being updated and returned, it was made malicious.
The plugin was installed on thousands of sites and every site on which it was installed saw new users being created. Not just any users but administrators - who can make big changes to the site! I had the plugin installed on a number of my sites. But I also had Wordfence, a security plugin installed and it told me that new users had been created, so I went in and deleted them before they could do any damage. In the meantime, the security plugin company let everyone know what was happening.
Email - GRRRR!
Unfortunately, yahoo decided to send some of the warning emails into the spam box! That meant I didn't get into the sites to clear the users before they started creating damage. I got a couple of sites hacked. They locked me out, and put different webpages up on my site. These pages may have been malicious, that is downloading viruses, I don't know. I managed to get into the main control panel (which is separate from the page creator) and delete the new users there. I also deleted the offending plugin so they couldn't get back in.
I have deleted one site entirely. It was only small, so I just recreated it. Another, I have downloaded the articles and I will delete it and recreate it. Google wasn't showing ads on it, so there may be something left behind that I haven't got rid of so I will just delete it all and upload the articles again, as plain text.
Fed Up With IT At Minute
I wish these hackers would put their energy and knowledge into creating something for themselves, instead of stealing and messing with other people's stuff. I am tired of IT at the minute!
Image Credit » https://pixabay.com/en/ransomware-cyber-crime-malware-2321110/