Information Security

WordPress Site Redirected To tenderloin.osa.pl Via Search Engine Click Jacking

So earlier today I noticed a discrepancy in traffic to question-defense.com, and because of a previous incident I knew exactly where to look. Sure enough, a similar attack had been performed, which we are coining Search Engine Click Jacking. In this case we are sure that a single file's permissions were left open and the attackers were able to write PHP into the file, which caused traffic being referred to our site from many of the major search engines to be redirected to tenderloin.osa.pl. Our site is built using WordPress; however, any site built in PHP with incorrect permissions on any files is vulnerable to this type of attack. Below is more information about the attack, how to search for the attack, and a simple bash script that will remove the infected code from PHP files on your web site.

Technology Insights

Change the Table Prefix of WordPress Blog MySQL Database from wp_

The directions below provide simple instructions for changing the prefix of your WordPress blog’s MySQL database tables from wp_ to whatever you choose. It's a good idea to change this prefix to prevent zero-day SQL injection attacks from being performed against your WordPress installation, since your database table names will be known to everyone if you use the default prefix. Follow the directions below to make the change, which should cause only minimal downtime if the steps are followed properly.

  1. MySQL Database Backup: Use the CLI or back up your database from phpMyAdmin. If using phpMyAdmin, use the export feature to export a SQL version of your database and download it to the PC you are working on. Your backup should be something similar to mydb_DATE.sql.