Thousands of WordPress webpages hacked, ESET Ireland finds several Irish pages, including GAA Daily among them.
Last week, WordPress revealed that 4.7.2 had secretly included a fix for an undisclosed critical vulnerability. Evidence has emerged that malicious hackers did not take long to strike after news of the vulnerability was made public, with researchers reporting that multiple public exploits were being shared and posted online within 48 hours.
If left unpatched, the vulnerability could allow a malicious attacker to modify the content of any post or page on a WordPress site.
A number of defacement campaigns have been spotted, including one which has sprayed the words “by w4l3XzY3” across a large number of vulnerable websites.
ESET Ireland found Irish web pages were also affected, among them GAA Daily and several others. According to Google search results, something in the region of 100,000 webpages may have suffered from this particular defacement.
In all likelihood, there are SEO spam gangs who will be keen to exploit this vulnerability in an attempt to meddle with Google search results for their own financial benefit.
If you run a WordPress website, you have to take security seriously. That means, amongst other things, ensuring that you are running the latest version of the software and keeping an eye on the latest security alerts. If you don’t, you’re running the risk that attackers might exploit a security hole that you really should already have patched against.
You can find the full story, including screenshots, on ESET Ireland’s official blog.