BTC $66157.0605
ETH $3160.9620
BNB $600.0523
SOL $153.7382
XRP $0.5487
stETH $3158.2980
DOGE $0.1576
TON $5.5645
ADA $0.5086
AVAX $38.3049
wstETH $3680.0518
WBTC $66253.4640
DOT $7.3621
WETH $3160.3315
TRX $0.1121
BCH $509.2779
LINK $15.3526
MATIC $0.7263
UNI $8.0690
ICP $14.6066
LTC $84.3899
DAI $0.9987
CAKE $2.9756
RNDR $9.0447
IMX $2.3823
STX $3.0517
NEAR $6.8843
ETC $27.8833
FDUSD $1.0002
MNT $1.1936
FIL $6.4625
TAO $503.6116
OKB $54.7164
HBAR $0.0881
VET $0.0418
KAS $0.1270
ATOM $8.7670
PEPE $0.0000
GRT $0.2943
WIF $2.7575
FET $2.4107
MKR $2818.4937
INJ $27.8130
USDE $0.9992
THETA $2.3518
XLM $0.1162
CORE $2.5749
BTC $66157.0605
ETH $3160.9620
BNB $600.0523
SOL $153.7382
XRP $0.5487
stETH $3158.2980
DOGE $0.1576
TON $5.5645
ADA $0.5086
AVAX $38.3049
wstETH $3680.0518
WBTC $66253.4640
DOT $7.3621
WETH $3160.3315
TRX $0.1121
BCH $509.2779
LINK $15.3526
MATIC $0.7263
UNI $8.0690
ICP $14.6066
LTC $84.3899
DAI $0.9987
CAKE $2.9756
RNDR $9.0447
IMX $2.3823
STX $3.0517
NEAR $6.8843
ETC $27.8833
FDUSD $1.0002
MNT $1.1936
FIL $6.4625
TAO $503.6116
OKB $54.7164
HBAR $0.0881
VET $0.0418
KAS $0.1270
ATOM $8.7670
PEPE $0.0000
GRT $0.2943
WIF $2.7575
FET $2.4107
MKR $2818.4937
INJ $27.8130
USDE $0.9992
THETA $2.3518
XLM $0.1162
CORE $2.5749
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • 15,000 WordPress sites are redirected to a scam forum


    Hackers are conducting a massive SEO poisoning campaign by compromising nearly 15,000 websites in order to redirect visitors to fake forums, according to a new report from cybersecurity company Sucuri.

    According to experts, each hacked site contains about 20,000 files used as part of a search engine spam campaign, with most sites based on WordPress.

    The researchers believe that the goal of the attackers is to create a large number of indexed pages in order to increase the authority of fake sites and increase their ranking in search engines.

    Cybercriminals are likely to prepare these sites for further use as phishing sites or a source of malware infection. And the presence of an "ads.txt" file on the target sites means that attackers want to drive more traffic for ad fraud.

    According to Sucuri, hackers are modifying WordPress PHP files to inject redirects to fake forums. In some cases, attackers host their own PHP files on the target site using random names or names that mimic real ones, such as "wp-logln.php".

    The malicious code redirects the user to the URL "https://ois.is/images/logo-6.png" . The JavaScript code is then loaded, which redirects the user to a Google search URL, where the user is taken to a malicious forum. The PNG file uses the "window.location.href" function to create a Google search redirect result to one of the 1137 target domains.

    Using the Google search click URL is likely to improve the performance of the URLs in the Google index so that the algorithms consider the sites popular and rank higher in the search results. Also, redirecting via URLs makes the traffic more legitimate, possibly to bypass security systems.

    Notably, by adding exclusions, logged-in users and site administrators are not redirected to fraudulent sites so that they do not notice the malicious campaign.

    Sucuri was unable to determine how the attackers hacked the websites. Experts suggest that the attackers used vulnerable plugins or picked up the password of the WordPress administrator. Sucuri recommended updating all WordPress plugins and website CMS to the latest version and enabling two-factor authentication (2FA) for admin accounts.

    Author DeepWeb
    New Cloud9 botnet attacks thousands of users around the world
    Russian man arrested in Canada for participating in LockBit campaigns

    Comments 0

    Add comment