Wordpress site attacked Malware 2020
Target Critical Vulnerability attacks by Dennis Fisher in WordPress File Manager Plugin. In a common WordPress plugin, attackers exploit a critical vulnerability that enables an attacker to execute arbitrary commands and download files to a target WordPress website. An Internet-wide hacking spree has been caused by an easy-to-use flaw in a common Wordpress plugin.
Millions of WordPress pages were checked and targeted this week,said Defiant on Friday, a web firewall company behind Wordfence.There's a flaw in the File Manager plugin, which contains more than700,000 active users who help managers handle their files on their WordPress pages. The plugin requires a third-party library of elFinder. The zero-day was an unauthenticated file upload vulnerability which allowed an attacker on a site running an older File Manager plugin to upload malicious files.Version 6.4 of the File Manager released in May introduced the vulnerability. But the first attempts to exploit the bug were seen by the researchers only by the end of August.In the last week of August, an exploit for GitHub was released for the vulnerability and on September 1 the File Manager maintainers released an modified version addressing the bug just few days later.While a fixed version was available a week ago, few of the WordPress plug-in websites have been updated by researchers.

Millions of sites have been probed, attacked

"Over the last few days, attacks have increased significantly on this weakness," said Ram Gall, Defiant Threat Analyst.

The attacks began slowly but escalated during the week, with1 million WordPress pages targeted on Defiant on 4 September.In total, Defiant said after the first attacks were discovered on September1, that it had blocked attacks on more than 1.7 million sites. 

The nature of the bug makes it very urgent to update, particularly in the case of automated bug scans.Identification of compromised sites is a simple task; with an exploit open to the public, it is time that is important, provided that an attacker may upload arbitrary files to the site after a successful exploit.

“The first attack we noticed was on August 31st, one day before the plugin was updated, with an average of 1.5k attacks per hour. On September 1st, we had an average of 2.5k attacks per hour, and on September 2nd we had peaks of over 10k attacks per hour.”

The great news is that on the same day the development team of the File Manager developed and released a fix for the zero day.Some site owners activated the patch,while others lag behind as normal.