WordPress Weekly News 014: Hackers using routers, Sathurbot target WordPress and more
A few days ago, United Airlines dragged a passenger off from one of their flights. While many were infuriated, some took to Twitter to bash the Airline management and its crew. Some of the tweets were brilliant.
You carry on, we carry off #NewUnitedAirlinesMottos
— Sir Castic One (@SnapDad42) April 11, 2017
Normal flights have cabin crews, we have bouncers #NewUnitedAirlinesMottos
— NKS (@NKS1806) April 11, 2017
We’ll drag you all over the world
— rdu3 (@rdu3_richard) April 11, 2017
Meanwhile, I have been collecting a whole bunch of exciting WordPress news that I am going to be covering in this week’s WordPress roundup. This hasn’t been the best of weeks for WordPress users as thousands of websites were compromised due to two, not one, security breaches. We will also discuss WordCamp for publishers and much more.
Sathurbot Hits WordPress
A Trojan, disguised as a Torrent, has been exploiting weak WordPress administrator accounts. Sathurbot has been causing brute force attacks by injecting malicious codes into the .js files. It contains installer executable with some text as well, which lures the user into running the executable file that delivers Sathurbot.
The Trojan can update and download itself and initiate other executable files as well. It uses 5000 random words that combine to form a 2-4 word phrase which is used as a query string by the Google, Bing and Yandex search engines.
Hackers Using Routers To Attack WordPress Websites
Hackers have found a new way to penetrate your WordPress admin panels – Routers! Hackers are launching coordinated attacks on administrator panels through unsecured home routers. They can guess the password once they have the access and take control of your accounts.
Attackers gain entry by sending malicious requests to the router’s 7547 port. They exploit the security bugs in the TR-069 router management protocol to highjack devices. WordFence, a security plugin provider, detected the flaw. It reported that around 7% of all the brute force attacks on WordPress sites arrived from home routers.
A huge factor that contributed to these attacks is the lack of knowledge of users who don’t have enough knowledge to secure their networks. WordFence provided a solution which involves ISPs filtering out traffic coming from public internet targeting the 7547 port.
WordCamp For Publishers
WordCamp will be taking a new route this time in Denver, where it will be held only for publishers. The first of its kind will be held from August 17 – 19. It will cater to anyone who uses WordPress to manage a publication regardless of its size. Initially, it was decided to name the event “WordCamp for Journalists” but it was changed to “WordCamp for Publishers” to include all the different professionals related to WordPress publishing.
The call for speakers and workshops is expected to open soon and will close in May. The attendees will be limited to 230 and the ticket will cost $40 and will go on sale in May. Since this is the first event of its kind, the organizers are keeping a low number of attendees.
The lead organizers, Steph Yiu and Adam Schweigert, have experience regarding arranging events of such magnitudes. Schweigert has led some working groups which had members from MIT and Knight Foundation on CMS related projects. Yiu was also part of that working group.
Advanced WordPress Takes The High Road – Moves To Admin Approved Posts
The famous Facebook group Advanced WordPress recently announced that it will now only have posts that have gone through and has been accepted by the admins. After years of allowing members to post freely, it has changed its course to curb irrelevant and low quality content in the group .
The group has over 28,000 members and has seen some lively WordPress related conversations over the years. Members have suggested the group admins to start a forum-based website using WordPress but the success of the group has been massively contributed by the infrastructure of Facebook. Many members receive notifications of activities in the group .
However, the group has suffered at the hands of low quality content forcing the admins to make such a move. Matt Cromwell, the group admin, posted on the group:
“One week from today, we will move this group to Admin Approved posts only. It’s a big move that we don’t take lightly, but we believe that in the long-run, it will greatly improve the overall value and quality of this group.”
You can read the details here.
The Week’s Best Tutorials & Tips
That’s all from this week’s WordPress roundup. See you all next week with more WordPress news and tutorials.
Subscribe to Get a FREE WordPress Ebook Right in Your Inbox
WPblog provides the complete guide to launch your WordPress website completely FREE!
Moeez is ‘The’ blogger in charge of WPblog. He loves to interact and learn about WordPress with people in the WordPress community. Outside his work life, Moeez spends time hanging out with his friends, playing Xbox and watching football on the weekends. You can get in touch with him at moeez[at]wpblog.com.