Security researchers at Wordfence first determined that something noteworthy was happening when they witnessed an unusual spike in attacks originating from Algeria against its customers’ WordPress websites.
Looking deeper into what was happening, the researchers discovered that the attacks were being launched from more than 10,000 IP addresses. 97% of the attacking IP addresses found in the country were owned by customers of the state-owned telecommunications provider, Telecom Algeria.
The researchers determined that the attack was more sophisticated than normal, evading detection by only using each IP address for a short period of time:
These IPs switch on, perform a few attacks and then switch off and aren’t heard from again for a month. What we have found is a botnet that is distributed across thousands of IPs. Each IP is only performing a few attacks, those attacks are spread across many websites and the attacks only last a few minutes or hours.
The attacker controlling this botnet is using several evasive techniques. They are spreading their attacks across a very large number of IP addresses. They are using low frequency attacks to avoid being blocked. They are also spreading their attacks across a large number of WordPress sites.
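The evasion Wordfence describes defeats per-IP thresholds. As an added example (not Wordfence's code), this sketch contrasts a per-IP rule with aggregation by source network over constructed failed-login events. The function names, thresholds and /24 grouping are assumptions; in production an ASN or ISP lookup would be the better grouping key.

```python
import ipaddress
from collections import defaultdict

def build_sample():
    """Constructed events: (source IP, target site) per failed wp-login attempt.
    All addresses are from documentation ranges, not real attackers."""
    events = []
    # 40 hosts in one network, 2 attempts each, spread across 5 sites
    for host in range(1, 41):
        for n in range(2):
            events.append((f"203.0.113.{host}", f"site{(host + n) % 5}.example"))
    events += [("198.51.100.7", "site0.example")] * 30   # one noisy attacker
    events += [("192.0.2.10", "site1.example")]          # user mistyped a password
    return events

def per_ip_offenders(events, threshold=10):
    """Classic rule: flag any single IP with >= threshold failures."""
    counts = defaultdict(int)
    for ip, _site in events:
        counts[ip] += 1
    return {ip for ip, c in counts.items() if c >= threshold}

def per_network_offenders(events, prefix=24, min_ips=20, max_per_ip=5):
    """Flag networks where many distinct IPs each fail only a few times."""
    per_net = defaultdict(lambda: defaultdict(int))
    sites = defaultdict(set)
    for ip, site in events:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_net[net][ip] += 1
        sites[net].add(site)
    report = {}
    for net, ips in per_net.items():
        quiet = [ip for ip, c in ips.items() if c <= max_per_ip]
        if len(quiet) >= min_ips:
            report[str(net)] = {
                "ips": len(quiet),
                "failures": sum(ips[ip] for ip in quiet),
                "sites": len(sites[net]),
            }
    return report

if __name__ == "__main__":
    ev = build_sample()
    print("per-IP rule:", per_ip_offenders(ev))
    print("per-network rule:", per_network_offenders(ev))
```

The per-IP rule catches only the single noisy address, while the network view surfaces the 40 quiet hosts that together account for most of the failed logins.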
Surveying the IP addresses, the researchers discovered that many were connected to a router manufactured by Zyxel, running Allegro RomPager 4.07, an embedded web server.
And therein lies the problem.
Way back in 2014, Check Point alerted the world to a critical vulnerability in RomPager that they dubbed the “Misfortune Cookie”, which could allow an attacker to remotely hijack a router and use it to attack home and business networks.
At the time, Check Point said it had “detected approximately 12 million readily exploitable unique devices connected to the Internet present in 189 countries across the globe, making this one of the most widespread vulnerabilities revealed in recent years.”
What’s more – the bug had been there for some time. The bug was first introduced into RomPager’s code back in 2002. Yes, this bug has been around for 15 years.
It would be great to think that internet-connected devices had by now been updated against a critical vulnerability that has been known about for three years, and been in existence for so long, but clearly some routers have been left to fend for themselves.
And it’s not just a problem for Algerian computer users. Wordfence produced a list of 28 ISPs around the world who it says have been the launchpad for attacks which suggest compromised routers.
And, if you do a search on Shodan, you’ll find that over 41 million home routers world-wide have port 7547 open to the public internet.
The folks at Wordfence have produced an online tool that can tell users if their router is vulnerable to attack or not.
Clearly if routers were being patched properly with security fixes then this would help to eradicate this particular attack. But owners of vulnerable routers are either oblivious to the problem, don’t know that they should close port 7547 to outside access, or are simply not able to disinfect and update their systems.
Furthermore, maybe some of the affected ISPs have dropped the ball when it comes to properly defending their customers from such flaws too.
Wordfence’s research team has a message for those ISPs:
Exposing port 7547 to the public Internet gives attackers the opportunity to exploit vulnerabilities in the TR-069 protocol. ISPs should filter out traffic on their network coming from the public internet that is targeting port 7547. The only traffic that should be allowed is traffic from their own Auto Configuration Servers or ACS servers to and from customer equipment.
There are already a large number of compromised routers out there. ISPs should immediately start monitoring traffic patterns on their own networks for malicious activity to identify compromised routers. They should also force-update their customers to firmware that fixes any vulnerabilities and removes malware.
But what about the other side of the attack? How can owners of WordPress sites protect themselves from brute-force attacks that attempt to break into their admin consoles?
It’s not as though there is a small pool of potential victims. WordPress is the software that powers around a quarter of all websites, making it a hot target for online criminals.
For more tips on securing your WordPress website from attack, read this guide.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
On – 13 Apr, 2017 By Graham Cluley
We are in the golden age of mobile. Nearly every person in this world uses a mobile device when looking for information online. For this reason, small- and medium-sized businesses (SMBs) have catered to the needs and behaviors of these mobile users worldwide to ensure satisfying, positive experiences. In fact, Google gives a mobile-friendly site a boost in search engine ranking in relation to its recent algorithm update.
But once an SMB has gained a competitive advantage by making its website mobile-friendly, what should be next?
Page speed refers to the time it takes a specific web page to display its content — text, images and more.
Google uses a point-based system that ranges from 0 to 100 and considers two main components of page speed: time to above-the-fold load and time to full page load.
When optimized, page speed can work wonders for your brand — no matter what your business goals are. Fast loading sites, in general, receive 25% more views in ads, lower bounce rates and better reputations. Best of all, users stay longer.
That’s why your page speed directly affects your sales and conversions. The faster your web page, the more revenue you’ll make.
The first step to optimizing a website’s speed is to analyze its current performance. Then, after confirming a slow loading time, SMBs can get started with speeding up their sites by optimizing images, minifying code and using a caching system.
One excellent solution to guarantee fast website speed is to use a site builder that’s pre-designed with speed in mind. That way, you don’t have to optimize page speed yourself, which can take a lot of time and effort.
Website builders vary in speed performance. Well-known options include Squarespace, WordPress, Weebly, Wix and Duda.
Google aims for a minimum speed of less than half a second. However, they have set the threshold to 2 seconds. Beyond 2 seconds, your site can be considered slow.
Because the most practical solution to building speed is starting with a platform that has already been tightly optimized, we need to look at the actual Google PageSpeed Insights test results of the leading website builders mentioned above.
WordPress scored 62/100 on mobile and 83/100 on the desktop. The test was based on WordPress’ first theme (Edin) for businesses.
Weebly scored 48/100 on mobile and 58/100 on the desktop. The test was based on Weebly’s LoveSeat theme.
Wix scored 48/100 on mobile and 71/100 on the desktop. The test was based on its Barista theme.
Duda scored 91/100 on mobile and 97/100 on the desktop. The test was based on one of Duda’s websites. Among the four, Duda had the highest score on speed performance.
Small and medium-sized businesses have accepted mobile optimization and have therefore followed the best practices to gain loyal customers. The next critical ranking factor to capitalize on is page speed. While brands can tap into methods to speed up their sites, building their online businesses from the ground up while using a platform that’s designed to the latest speed advancements puts them far ahead of the curve.
Customers are making quick judgments about you the moment they arrive at your site. A few seconds of delay creates a strong negative impression.
Page speed is a critical element that online businesses cannot shove aside. Make your customers’ web experiences hassle-free and worthwhile. Don’t give them a reason to choose competitors simply because you failed to optimize for speed. Using a platform built for speed is the most sensible way for you to guarantee higher conversions, a better Google ranking, and top-notch customer satisfaction.
On – 28 Mar, 2017 By Segun Onibalusi