Are you confident that your WordPress site is safe and secure from security threats?

Researchers from a web security company called “Sucuri” reported a wide-scale "black hat" campaign that has affected nearly 15,000 websites. 

The perpetrators altered an average of 100 files per website, which is unusual, according to the experts. Often, attackers only target a few pages to prevent getting detected.

The malware modifies the content of a website and redirects users to low-quality Q&A sites. These spam redirects aren't new. However, these recent attacks, discovered between September and October, are a lot more clever, according to reports.

What Types of Files Are Usually Infected?

According to researchers, the most commonly affected files are WordPress files, but they also discovered infected .php files. 

Here’s a list shared by Sucuri of the most commonly infected file types:

• ./wp-signup.php
• ./wp-cron.php

• ./wp-links-opml.php
• ./wp-settings.php
• ./wp-comments-post.php
• ./wp-mail.php
• ./xmlrpc.php
• ./wp-activate.php
• ./wp-trackback.php
• ./wp-blog-header.php

The research team reported that the malware drops malicious files only if there’s no detected login attempt. This keeps the redirects from being detected by website administrators. They also noticed two distinct attacks or redirect techniques:

• Basic redirect – The attackers employ a simple combination of window.location.href and meta refresh redirects.

• Sophisticated redirect – The attackers save information about the site redirect in the user’s browser to ensure redirects are done only once every 2 or 6 hours, depending on the variant used. This is hardcoded in the variable allowedHours.

Where Are Visitors Being Redirected?

According to the researchers, visitors are redirected to.png files and spammy Q&A sites. The attackers also rotate the landing pages or pages that they redirect users to. 

The Question2Answer (Q2A) website, one of the pages users are redirected to, is an open-source Q&A platform. 

According to researchers, they have not noticed malicious behavior on these websites. However, the attackers may, at any time, move to redirect traffic to other third-party websites.

What Is the Suspected Purpose of the Attacks?

Experts say that the attackers may be working to deceive and make Google believe that real people from different websites are clicking on the search results. These search results are being linked to their redirects. 

It all comes down to the perpetrator's desire to increase website traffic and authority to rank higher and attract legitimate searches and clicks.

Is there a way to protect your website from these malicious attacks?

Yes, there are ways to keep your business or dental practice website safe from malware attacks. Here are some tips to boost site security:

• Routinely search your files for unusual modifications or files.
• Update your software, as the most recent versions are often the most secure as well.
• Consider moving to another content management system.  
• Change passwords regularly or when needed.
• Invest in professional website security services. 
• Partner with a dental marketing professional to keep your site up to date and regularly health-checked. 

Why Could Your WordPress Site Be at Risk?

WordPress is an open-source content management system. This means that the original source code is free for everyone to access and is modifiable.

Do you use a WordPress site for your business? Its vulnerability could be one reason to consider switching to a new platform. 

If you feel your dental practice website has been compromised and need urgent help getting it back up and running, get in touch with us at Dental Growth Strategies. 

We’ll look into the issue and fix it for you as soon as possible. Let's avoid or shorten downtime and protect your digital assets.

This website uses cookies.

Accept