Security News > 2020 > June > Attackers tried to grab WordPress configuration files from over a million sites
A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May, tried to grab WordPress configuration files of 1.3 million sites at the end on the same month.
"The previously reported XSS campaigns sent attacks from over 20,000 different IP addresses. The new campaign is using the same IP addresses, which accounted for the majority of the attacks and sites targeted. This campaign is also attacking nearly a million new sites that weren't included in the previous XSS campaigns," Wordfence threat analyst Ram Gall shared.
The goal of this latest campaign was to grab the wp-config-php file, which contains database credentials, connection information, authentication keys and salts.
"An attacker with access to this file could gain access to the site's database, where site content and users are stored," Gall pointed out.
He did not say which specific plugins and themes the attackers zeroed in on, but said that most of the vulnerabilities are in themes or plugins designed to allow file downloads by reading the content of a file requested in a query string and then serving it up as a downloadable attachment.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/YPLv8DwoI0E/