Categories
Malware MySQL PHP Security Advisories Technology News Web Applications WordPress

OneTone WordPress Theme Vulnerability

We found many WordPress websites redirecting to malicious URLs and spam domains. After a deep investigation it turned out to be caused by the vulnerable WordPress OneTone theme.

The hack usually takes place in this file: ./wp-content/themes/onetone/includes/theme-functions.php

Beside the above file infection, The Hacker also inject a “eval(atob” malicious javascript malware in WordPress database onetone value within the wp_options table which is responsible for redirecting the website to other suspicious domains such as ischeck[.]xyz

You can check your website security by using this Free website malware scanner

Here is a snippet showing the infection in action as found on an infected website:

[[email protected] ~]$ curl -I https://victim-website[.]net/

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=15
Date: Mon, 11 Apr 2020 19:51:16 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Location: https://ischeck[.]xyz

As you can notice, The Rank Math SEO is causing a redirect to the malicious domain ischeck which is then redirect to checkandgo and overzoruaon spam domains. Some of the malware domains involved with this specific hack incident:

checkandgo[.]info

ischeck[.]xyz

https://overzoruaon[.]com/

Signup and Try our malware removal service and let’s clean & protect your websites by using our Website Firewall Protection!

You can check your website security by using this website malware scanner

https://scan.attacker.net

Website Hacked OR #Blacklisted? Get it Cleaned & Protected Immediately!

https://attacker.net/website-security-plans-pricing

https://attacker.net/website-security

Free Scanner: https://scan.attacker.net

#Security #wordpress #joomla #magento #drupal #hosting #cpanel #linux #websitesecurity #securedwebsite #hacked

Categories
Ethical Hacking Malware PHP Security Advisories Web Applications WordPress

WordPress Rank Math SEO Plugin vulnerability used to inject malware Redirecting to other websites

Recently, We noticed so many infected websites redirecting to malicious URLs and spam domains. After a deep investigation it turned out to be caused by the vulnerable Rank Math SEO WordPress Plugin.

The vulnerable version is 1.0.40.2 so make sure you get it updated to last released version that have this vulnerability patched.

Here is a quick snippet showing the live infection in action as found on an infected website:

[[email protected] ~]$ curl -I https://victim-website[.]com/

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=15
Date: Mon, 28 Mar 2020 13:51:16 GMT
Server: Apache
X-Powered-By: PHP/7.3.16
X-Redirect-By: Rank Math SEO
Location: https://ischeck[.]xyz

As you can notice, The Rank Math SEO is causing a redirect to the malicious domain ischeck which is then redirect to checkandgo and overzoruaon spam domains. Some of the malware domains involved with this specific hack incident:

checkandgo[.]info

ischeck[.]xyz

https://overzoruaon[.]com/

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website security by using this website malware scanner

https://scan.attacker.net

Website Hacked OR #Blacklisted? Get it Cleaned & Protected Immediately!


https://attacker.net/website-security-plans-pricing

https://attacker.net/website-security

Free Scanner: https://scan.attacker.net

#Security #wordpress #joomla #magento #drupal #hosting #cpanel #linux #websitesecurity #securedwebsite #hacked