Ongoing hacking attacks on WordPress

This just in via WordFence email:  Wordfence <list@wordfence.com>

AJAX call creates a user named wpservices with the email wpservices@yandex.com and the password w0rdpr3ss. With this user in place, the attacker is free to install further backdoors or perform other malicious activity.

Block these IPs in cPanel / IP Blocker:

yourservice.live – Hosts the script responsible for rogue administrator creation. Also associated with other malvertising scripts in earlier incarnations of this campaign.

adsnet.work – Hosts ad network scripts for redirection and popups.

IP Addresses 104.130.139.134

Details please review their article at https://www.wordfence.com/blog/2019/08/ongoing-malvertising-campaign-continues-exploiting-new-vulnerabilities/

Comments are closed