Keylogging Malware Infects More Than 5,000 WordPress Sites

The cloudflare.solutions domain has been taken down after infecting thousands of WordPress sites with cryptocurrency mining and keylogging malware posing as script from trusted web services, according to a Sucuri blog post. The malware had infected at least 5,492 WordPress sites, SC Magazine reports.

The keylogging malware was added to malware distributed from fake Cloudflare website cloudflare.solutions which Sucuri wrote a blog about in April. It captures data entered by users, potentially including login and payment information. The malicious code is given away by two long hexadecimal parameters, which are the keyloggers, following cdnjs.cloudflare.com URLs, which are fake, according to the report.

Sucuri noted the obfuscation tricks being used by a CoinHive JavaScript Monero miner in another recent blog post, including the use of non-decimal notation for the host name, a fake jQuery name, and names related to Google Analytics.


The script resides in the function.php file of the WordPress theme, and both scripts were found on many sites by Sucuri, but it was not clear that they were present on all 5,492.

“You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts,” advises Sucuri Senior Malware Researcher Denis Sinegubko. “Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack).”

How many WordPress sites can fit

How many WordPress sites can fit on a dedicated server with these specs:

RAM:64 GB DDR4
Hard Drive:2 x 2 TB SATA 6 Gb/s 7200 rpm HDD Cla… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1687124&goto=newpost

New dedicated server to replace a few old ones

I have a few old dedicated servers and VPS :

1. Dedicated server E3-1270 with 16 GB RAM hosting about 250 sites (mostly wordpress sites).
… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1685893&goto=newpost

How to Gzip pages with SSL for mod_PHP?

I found that all my sites can be gzipped enabled for http pages, but not gzipped for https (SSL).

Since I stay with two different managed… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1684335&goto=newpost

Should I look into VPS or dedicated?

Hello All 🙂

I build and sell starter websites and usually have 20-30 small sites on my hosting provider.

I currently use A2 Turbo pla… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1681835&goto=newpost