Blog

Attention WordPress User

Are you a WordPress user? If you are using a plug-in that allows you to block IP ranges, just take the following addresses to your block list:

93.171.158.*
185.86.76.*
185.86.77.*
185.86.78.*

These are IP addresses that are used for scanning WordPress blogs. These criminal elements hack your website if they find vulnerabilities, . With best wishes from Ukraine.

Currently they scan the following plug-ins:

Front-end Editor
wp-crm
Front End Upload
Aviary Image Editor Add-on For Gravity Forms
WP Symposium
WP Eden
Viddler WordPress plugin
ACF

In addition, they scan the following paths:

themes/scripts/admin/uploadify/wp-comment.php
themes/scripts/admin/uploadify/uploadify.php
themes/ pronto/cjl/uploadify/wp-comment.php
themes/pronto/cjl/uploadify/uploadify.php
themes/wp-symposium/uploadify/wp-comment.php
themes/webimprovers/includes/uploadify/uploadify.php
themes/webimprovers/includes/uploadify/wp-comment.php

In addition, unknown to me:

Photocrati Theme
U-Design
Realchurch

Hope you have the latest updates …

If anyone of you possess criminal energy and lure them to a honeypot page to provide a data package to download, note that: They are using Windows 7 and older browsers … idiots.

Tagged , , , , , , , , , , , , ,