Wide-scale Brute Force Attacks Took Place on July 24, 2020

Brute force attacks are the most widespread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.

Our monitoring system detected a significant spike in triggers of the WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million

Customizing Google reCAPTCHA Keys

Prior to version 4.9, Imunify360 used embedded reCAPTCHA keys to show the Google reCAPTCHA challenge to greylisted IP addresses and did not require any settings for the captcha challenge. Starting from v4.9, Imunify360 admins can specify their own reCAPTCHA keys for the server.

In this article, you can find a step-by-step guide on how to set up a custom site and secret keys for your Imunify360 server.

Vulnerable PressForward WordPress Plugin Was Available Almost a Year

The Imunify security team recently detected a vulnerable plugin in the WordPress plugin directory. It’s called PressForward, and it’s used to manage editorial workflow. This free plugin included an iframe that could be used to send visitors to a malicious web page. 

The Imunify team identified the vulnerability in this plugin on the first of July, 2020. At the time it was discovered, the plugin was installed on 800+ websites, where it could be used to send visitors to phishing sites and conduct black SEO campaigns. The plugin’s change log indicates that it has been there for almost a year:

Neutralizing Malware From The WPNull24 Site

The Imunify security team has identified a security threat: a website, wpnull24.com, that provides WordPress themes infected with malware. This site offers “nulled” themes, or paid-for themes that have been modified so they can be downloaded for free. 

The themes provided free of charge at wpnull24.com are particularly dangerous, because installing one of them infects all of a site’s themes, plugins, and core WordPress files with malware. Once a site is infected, it can be used for black SEO, phishing, and sending spam as well. Access to an infected site can also be sold to other cyber-criminals. 

WAF (Web Application Firewall) Rules Auto-Configurator

The Web Application Firewall (WAF) is one of the key elements of Imunify’s web server protection system. It contains hundreds of rules to protect against all known (and some as-yet unknown) vulnerabilities. 

Our rule-intensive WAF provides excellent protection, but it does have potential drawbacks. The more rules are included, the more resources Imunify can consume, and the slower the server can get. Also, including more rules can increase the number of false positives, or erroneously identified “threats.” 

Malware Cleanup: A Safe Way To Remove Malicious Code from WordPress Website

Over a typical 3-month span, the average server has around 1500 kinds of malware injected into its files. Lately, a great many of these injections have been occurring in WordPress installations. What should you do when malicious code is injected into WordPress files? 

Fixing A Vulnerability In bbPress Plugin For WordPress

bbPress, a popular WordPress plugin, was recently found to contain a serious vulnerability. 

How should bbPress users address it? The best way is to update the plugin and install the latest version. But if they can’t or don’t do this, Imunify has them covered. Read below to find out how. 

False Positive SMW-BLKH-46666-auto from WordPress file

Description

On 8 Jun, 2020, a new Black Hashes DB for Imunify products was released.

Release details:

       UUID: 0d09db4d-8610-4a74-b026-1934bb1e9854

       Date: 2020-06-08 

With this update, the legitimate WordPress file wp-blog-header.php was rated as malicious with the verdict SMW-BLKH-46666-auto, which caused false positive alerts.

Fixing IMAP Performance Issues

What are the issues?

In some cases, users of Imunify360 v4.7 can experience issues with IMAP authorization performance. These issues are related to the amount of UDP traffic produced when Imunify360 protects a server against brute force mail attacks. 
