Author: Weston Henry

What You Need to Know About the FancyBox for WordPress Vulnerability

wordpress fancybox vulnerabilityFancyBox for WordPress is a plugin which provides stylized, Lightbox-like decoration for blog images. It’s a popular plugin with around half a million downloads, even though it hadn’t been updated in years. Posts emerged on the WordPress community support forum about malware injections and a vulnerability was discovered in the FancyBox plugin.

SiteLock scanners detected the malware — a Javascript payload with an iframe pointing to 203koko[dot]eu — before the vulnerability was known.

Here are three things to consider before moving forward with FancyBox:

Update FancyBox as soon as possible

The initial response to the FancyBox hack was to remove it immediately. Since the vulnerability released, the FancyBox developer released an update which corrects the issue and provides support for WordPress 4.1. If you’re uneasy about using FancyBox, Easy FancyBox is an actively developed alternative, though official Easy FancyBox support caps at WordPress 4.0.1.

Scan for Malware and use a WAF

One of the best ways to secure your website is to scan for malware and vulnerabilities on a daily basis and use a Web Application Firewall (WAF). The WAF will block potential threats from entering your website (e.g. DDoS attacks) while the daily scans will identify malware and vulnerabilities that have been placed on your site.

Update your WordPress plugins and themes

WordPress has done a wonderful job facilitating near-painless backups for its users. Once you get to the late 3.x releases, upgrades are essentially automatic. But what about plugins? More plugins, more problems, as the saying goes. Sometimes it’s not easy to wrangle the compatibility issues which come with the amazing and broad capabilities plugins add to a WordPress site.

Take it one plugin at a time. Research the plugin’s compatibility with the WordPress version you have, and then test it (with the previously mentioned backup at the ready).

SiteLock’s team of experts, expert services and products constantly monitor site files and traffic for malicious indicators. As with FancyBox, we’ll continue to find and mitigate malware even before before a vulnerability becomes known.

Contact SiteLock today to learn how website security software can help protect your website.

 

UpdraftPlus Presents Website Security Concerns

UpdraftPlus is a premium WordPress plugin that automates WordPress file and database backup as well as restoration to the cloud. The free version prior to 1.9.51, and versions without the “automatic backups” or “no adverts” add-ons, are vulnerable to security token, or nonce, disclosure which allows malicious actors outside your company to perform administrative-level actions like downloading sensitive configuration files and uploading remote control shells.

What should you do as a WordPress and UpdraftPlus user?

If you’re a SiteLock customer with TrueShield, breathe easy. Thanks to the TrueShield Virtual Patching, patching UpdraftPlus is automatic.

SiteLock protects WordPress site owners from the UpdraftPlus vulnerability with the SiteLock TrueShield web application firewall with Virtual Patching, regardless of UpdraftPlus version. TrueShield analyzes site traffic and stops attempted unauthorized security token use, again, even before the patch is applied.

If you don’t have SiteLock, you’ll need to update UpdraftPlus to version 1.9.51 as soon as possible. With disclosure, automated attacks follow, and without a firewall like TrueShield, or SiteLock’s SMART scanner which finds malicious code as soon as it hits your site, updates are your best defense.

For more information on SiteLock security solutions call 877.563.2791.

ghost vulnerability

The GHOST Vulnerability: What You Need to Know

GHOST vulnerabilityGHOST is now a household name to those even peripherally involved in information security. GHOST is the buffer overflow vulnerability found in certain versions of glibc, the GNU C library, and it’s named after the functions used to reach the exploitable code in the library, gethostbyname() and gethostbyname2().

What has SiteLock done to address the GHOST scourge, and what do SiteLock customers need to know moving forward?

SiteLock patched all TrueShield and TrueSpeed servers against the GHOST vulnerability on September 28, the day after disclosure. Signatures mitigating XML-RPC exploits, which could be used against WordPress installs for example, were implemented beginning the week of February 2nd. And as always, our security team is constantly on the lookout for signs of new GHOST exploitation use.

As a SiteLock customer, we recommend patching all servers using vulnerable versions of glibc, glibc-2.2 to glibc-2.17, to glibc-2.18 or higher.  All major Linux vendors released patches for glibc and they should be applied and servers rebooted as soon as possible.  Also be aware of SUID-root programs on servers which use gethostbyname*().  To find SUID binaries on a system — a sound security practice regardless of GHOST — open a root shell and run the following command.

# find / -user root -perm -4000 -exec ls -ldb {} ; | tee suid.list

For assistance with the GHOST vulnerability call the SiteLock team at 877.563.2791.

 

Page 5 of 5

Powered by WordPress & Theme by Anders Norén