Keylogging Malware Infects More Than 5,000 WordPress Sites

The cloudflare.solutions domain has been taken down after infecting thousands of WordPress sites with cryptocurrency mining and keylogging malware posing as script from trusted web services, according to a Sucuri blog post. The malware had infected at least 5,492 WordPress sites, SC Magazine reports.

The keylogging malware was added to malware distributed from fake Cloudflare website cloudflare.solutions which Sucuri wrote a blog about in April. It captures data entered by users, potentially including login and payment information. The malicious code is given away by two long hexadecimal parameters, which are the keyloggers, following cdnjs.cloudflare.com URLs, which are fake, according to the report.

Sucuri noted the obfuscation tricks being used by a CoinHive JavaScript Monero miner in another recent blog post, including the use of non-decimal notation for the host name, a fake jQuery name, and names related to Google Analytics.


The script resides in the function.php file of the WordPress theme, and both scripts were found on many sites by Sucuri, but it was not clear that they were present on all 5,492.

“You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts,” advises Sucuri Senior Malware Researcher Denis Sinegubko. “Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack).”

Namecheap Leaks/Steals Domain From Search

I had searched a domain last night only to notice it was available for the past couple of years.

I go to purchase it 12 hours later and i… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1687113&goto=newpost

New Branded Domain Marketplace, Lowest Fees: Turfmob

We’ve tried all the branded domain marketplaces available on the market and had horrible experiences with each. Broken interfaces, strange a… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1682007&goto=newpost

Can someone steal my domain on shared hosting?

Hi.

If I create the domain mydomain.com and add the nameservers to my host. What if someone already have created the mydomain.com on the … | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1680725&goto=newpost