Web Attack: WordPress Ultimate Member Plugin


This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Ultimate Member is a free WordPress plugin that makes it extremely easy to create powerful online communities and beautiful user profiles with WordPress. I am also a big fan of Ultimate Member; recently four of my sites used the WordPress plugin ‘Ultimate Member’ and the The7 theme. This hack causes websites to redirect to URLs such as utroro[.]com, murieh[.]space, and unverf[.]com. It can also display fake CAPTCHA images that ask you to click “Allow” in your browser’s notification area.

Worst of all, these PHP scripts attack other sites from the infected server (the Amazon AWS Abuse Team reported this issue to me).

I researched this issue on Google, and I’m not the only one! There are around 5500 estimated infected websites carrying one of the scripts.

How do I tell whether my sites were attacked?

  1. Your site keeps redirecting to other websites (e.g. a simple popup asking your customers/readers to click the CAPTCHA).
  2. Your site works as normal, but your server is sending attack traffic to other sites.
  3. There are unknown PHP files in public_html and media folders, e.g.:
     DAWD3ada.php
     wp-super-cache.php (fake cache file)

How to Fix the Issue?

  • Wordfence scan and firewall

    If you can access the WordPress dashboard, install the Wordfence plugin and run a full site scan.

    Basic configuration:

  • cPanel protection

    If you use cPanel, enable Hotlink Protection.

  • MOST IMPORTANT STEP – REMOVE ULTIMATE MEMBER FROM YOUR SITE!

    If you still want to keep Ultimate Member, delete all PHP files in the subdirectories under wp-content/uploads/ultimatemember/temp/ and disable execution of PHP files in this folder.
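One way to carry out that last step, as an added example that is not from the original post: a POSIX shell helper that lists PHP files under the Ultimate Member temp directory, moves them to a quarantine directory for review instead of deleting them outright, and writes an Apache .htaccess that denies PHP execution there. It assumes Apache with AllowOverride enabled for the uploads tree; the directory paths are parameters.

```shell
#!/bin/sh
# Added example (not the plugin's or the post author's code).
# Assumes an Apache web server that honours .htaccess in wp-content/uploads.

# List PHP-like files under the given directory. Also catches .phtml and
# .php5-style names that many handlers still execute as PHP.
find_php_files() {
    dir="$1"
    find "$dir" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) \
        2>/dev/null | sort
}

# Move every PHP-like file into a quarantine directory (flattening the path
# into the file name so nothing collides) and print how many were moved.
quarantine_php_files() {
    dir="$1"; qdir="$2"
    mkdir -p "$qdir"
    n=$(find_php_files "$dir" | wc -l | tr -d ' ')
    find_php_files "$dir" | while IFS= read -r f; do
        mv "$f" "$qdir/$(printf '%s' "$f" | tr '/' '_')"
    done
    echo "$n"
}

# Write an .htaccess that blocks PHP execution in the directory. Both the
# Apache 2.4 (mod_authz_core) and the legacy 2.2 directives are included.
write_deny_htaccess() {
    dir="$1"
    cat > "$dir/.htaccess" <<'EOF'
# Deny execution of PHP scripts dropped into the upload/temp directory
<FilesMatch "\.(php|phtml|php[0-9])$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
EOF
}

# Usage (hypothetical paths):
#   quarantine_php_files /var/www/html/wp-content/uploads/ultimatemember/temp /root/quarantine
#   write_deny_htaccess  /var/www/html/wp-content/uploads/ultimatemember/temp
```

Review the quarantined files before discarding them; the flattened file names preserve where each one was found. Nginx sites need an equivalent `location` rule instead of the .htaccess, since Nginx ignores it.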

Source:

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30970
