Getting Screwed over Internet Security
Internet security can seem over the top and highly complicated, but it is all about properly protecting your data and systems. You may get screwed if you do nothing to protect yourself, and the Internet has always been a war between the good guys and the bad guys. We also call them ethical hackers and criminal hackers, and they can be good at times and bad at times.
The two do pretty much the same work and possess similar knowledge. All that differs is their motive and their approach. Recently there was news of WordPress sites under attack through a new zero-day in the WP Mobile Detector plugin. WP Mobile Detector is an effective tool that simply detects mobile users visiting a site and allows webmasters to load a specific mobile-friendly theme.
The Attack by a WP Mobile Plugin
The attackers used this plugin to upload backdoor scripts to WordPress sites so that the sites would show adult-themed SEO spam. Affected websites would suffer a severe loss of value in the market.
A vulnerability of this kind, appearing almost 20 years after PHP coding started, is a very serious concern. A flaw of this extent, where an attacker can easily upload any file to the WP site, calls for a return to the basic lessons of file upload security.
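The basic file upload lessons referred to above, sketched as an added example (it is not the plugin's code and not part of the original article). The function names, the size limit, the allowed types and the sample files are assumptions made for illustration:

```php
<?php
// Added example, not the plugin's code. Names, limits and paths are assumptions.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
// MIME type detected from the file content => extension the server assigns
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Returns a server-generated file name, or throws if the file is not an allowed image.
function safe_upload_name(string $path): string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('rejected: empty or too large');
    }
    // Detect the type from the bytes; the client's file name and Content-Type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('rejected: type not on the allowlist');
    }
    // The stored name never comes from the request: random name, allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Handles one $_FILES entry; $destDir should be a directory that never executes scripts.
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected: not a completed HTTP upload');
    }
    $target = rtrim($destDir, '/') . '/' . safe_upload_name($file['tmp_name']);
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}

// Constructed samples for a command-line check: a script named like an image, and a GIF header.
if (PHP_SAPI === 'cli') {
    $samples = ['photo.jpg' => "<?php echo 'constructed';", 'pixel.gif' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"];
    foreach ($samples as $clientName => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        try {
            $result = 'stored as ' . safe_upload_name($tmp);
        } catch (RuntimeException $e) {
            $result = $e->getMessage();
        }
        echo $clientName, ' -> ', $result, "\n";
        unlink($tmp);
    }
}
```

Content detection alone is not a guarantee, which is why the stored name and extension are generated on the server and the destination should be a directory where scripts are never executed.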
Averted a Severe Vulnerability
It is scary for the many who have websites based on WordPress. But it should be noted that a much more dreadful attack was averted by the many developers who reported this loophole to the developer and later to the WordPress Plugins Directory.
The action was swift: WordPress not only removed the plugin from the directory but also released Version 3.6 of it, which had this vulnerability fixed. By the time the plugin was removed, it had more than 10 thousand installs, but after the update it has only a bit more than 1000.
Code similar to the zero-day was also found in another plugin called ImageMagick, which is used to directly or indirectly resize the images uploaded by end users. There is no panic, as security firms like Sucuri have confirmed there is a connection between the two vulnerabilities.
Yet one thing is for sure: however hard one may try, a site is sure to be attacked, so one has to be ready and prepared for any type of vulnerability.