Happy Presidents’ Day

Proud to live in a Democracy, Happy Presidents’ Day!

Wonderful Wednesday -Don’t Judge Each Day By the Harvest You Reap

Don’t judge each day by the harvest you reap but by the seeds that you plant.

Happy Martin Luther King, Jr. Day! – 2022

“Faith is taking the first step even when you don’t see the whole staircase.” -MLK Jr.

Huge Attack on WordPress Sites Yesterday (12-9-2021)

I’m often asked, “what do you actually do for our hosting fee?”.   For those clients that pay purely for hosting, and not for other digital marketing services, when you are not technical, it’s a difficult question to answer. The easiest analogy is changing the oil in your car.   You don’t have to.   You can drive your car until it bursts into flames, or, you can maintain your car, and have a more reliable vehicle.   There.. nothing “techy” to digest.  With “el cheapo hosting” you get a place to put your site. It’s up to you to provide the maintenance.   With HOF, we take care of it. The news yesterday was bad.  There was an attack on millions of websites, all WordPress, all focus on some of the little bits of software that run on a site.  Every time something like this happens, or every time the potential for something like this to happen, most software developers will update their software.   Your website relies on anywhere from a dozen, to hundreds, of little independent pieces of software, and each software has its own update schedule. Those sites that were updated, withstood yesterday’s attack with no issues.  Those sites that were not, could be crippled.  The attack gave anyone the ability to become an administrator of a compromised site.  Horrific!   Here’s a full accounting of the attack. The detailed article is provided by WORDFENCE, one of the premier tools for stopping hacks and keeping sites updated.   None of our sites were impacted by this attack.   Jeff     Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation that uncovered an active attack targeting over a million WordPress sites. Over the past 36 hours, the Wordfence network has blocked over 13.7 million attacks targeting four different plugins and several Epsilon Framework themes across over 1.6 million sites and originating from over 16,000 different IP addresses. A Closer Look at the Attack Data Attackers are targeting 4 individual plugins with Unauthenticated Arbitrary Options Update Vulnerabilities. The four plugins consist of ​​Kiwi Social Share, which has been patched since November 12, 2018,  ​​WordPress Automatic and Pinterest Automatic which have been patched since August 23, 2021, and PublishPress Capabilities which was recently patched on December 6, 2021. In addition, they are targeting a Function Injection vulnerability in various Epsilon Framework themes in an attempt to update arbitrary options. In most cases, the attackers are updating the users_can_register option to enabled and setting the default_role option to `administrator.` This makes it possible for attackers to register on any site as an administrator effectively taking over the site. Our attack data indicates that there was very little activity from attackers targeting any of these vulnerabilities until December 8, 2021. This leads us to believe that the recently patched vulnerability in PublishPress Capabilities may have sparked attackers to target various Arbitrary Options Update vulnerabilities as part of a massive campaign. The top 10 offending IPs over the past 36 hours include: 144.91.111.6 with 430,067 attacks blocked. 185.9.156.158 with 277,111 attacks blocked. 195.2.76.246 with 274,574 attacks blocked. 37.187.137.177 with 216,888 attacks blocked. 51.75.123.243 with 205,143 attacks blocked. 185.200.241.249 with 194,979 attacks blocked. 62.171.130.153 with 192,778 attacks blocked. 185.93.181.158 with 181,508 attacks blocked. 188.120.230.132 with 158,873 attacks blocked. 104.251.211.115 with 153,350 attacks blocked. How Can I Keep My Site Protected? Due to the severity of these vulnerabilities and the massive campaign targeting them, it is incredibly important to ensure your site is protected from compromise. We strongly recommend ensuring that any sites running one of these plugins or themes has been updated to the patched version. We have the affected versions of each product outlined below. Please ensure that your sites are running a version higher than any of the ones listed. Simply updating the plugins and themes will ensure that your site stays safe from compromise against any exploits targeting these vulnerabilities. The following are the affected plugins and their versions: PublishPress Capabilities Kiwi Social Plugin Pinterest Automatic WordPress Automatic The following are the affected Epsilon Framework theme versions: Shapely NewsMag Activello Illdy Allegiant Newspaper X Pixova Lite Brilliance MedZone Lite Regina Lite Transcend Affluent Bonkers Antreas NatureMag Lite – No patch known. Recommended to uninstall from site. How Do I Know If My Site Has Been Infected and What Should I do? As previously stated, the attackers are updating the users_can_register option to enabled and setting the default_role option to `administrator` in most cases. To determine if a site has been compromised by these vulnerabilities, we recommend reviewing the user accounts on the site to determine if there are any unauthorized user accounts. If the site is running a vulnerable version of any of the four plugins or various themes, and there is a rogue user account present, then the site was likely compromised via one of these plugins. Please remove any detected user accounts immediately. It is also important to review the settings of the site and ensure that they have been set back to their original state. You can find these settings by going to the /wp-admin/options-general.php page. Please make sure the `Membership` setting is correctly set to enabled or disabled, depending on your site, and validate that the `New User Default Role` is appropriately set. We strongly recommend not using `Administrator` for the new user default role as this can lead to inevitable site compromise.   Please review this guide to cleaning a hacked site with Wordfence to complete the clean of the site once the intrusion vector has been determined and the immediate issues have been resolved. If the entire site is not scanned and cleaned to ensure there are no additional backdoors, it may be possible for an attacker to regain access to the site. Conclusion In today’s post, we detailed an active attack campaign targeting various plugins and themes that make it possible for attackers to effectively take over vulnerable sites through the use of arbitrary option updating. We strongly recommend ensuring that all of your sites have been updated to the patched versions of the affected plugins and themes. You can also find this post on the official Wordfence blog if you’d like to share it with the larger community.

Happy Father’s Day

Happy Father’s Day

Coming Soon, Something Very Exciting

We’re embarking on a 20 week adventure designed to fundamentally change the success trajectory of your practice, and in the process, perhaps your life.   On this journey, you are the only one that can decide whether to be a passive observer or an engaged participant.  We challenge you to jump in, be engaged, or […]

Happy President’s Day

“I hope I shall possess firmness and virtue enough to maintain what I consider the most enviable of all titles, the character of an honest man.” – George Washington

Happy Martin Luther King Day

In some not too distant tomorrow the radiant stars of love and brotherhood will shine over our great nation with all their scintillating beauty.

Happy Mother’s Day

TO ALL THE MOTHERS OUT THERE., HAPPY MOTHER’S DAY! YOU ARE AMAZING.