WordPress Security: .rr.nu Malware Mass Site Attacks (and Removal Tool)
SECURITY ALERT: .rr.nu Malware
There's a hacking campaign that's been targeting WordPress websites, with thousands of websites recently compromised. It is not yet known where or how they are getting in, and it seems it is also very hard to clean & many users say it just keeps returning..... Many affected users also reported that they are hosted on Dreamhost, but it is not yet sure if that is just a coincidence.
Sucuri (Security website) say it might be due to running out-dated versions of WordPress, and or plugins and themes (but not current WordPress versions). Sucuri has said:
"we can safely rule out any new vulnerability on WordPress itself"
The hackers seem to be infecting many different files, and they leave links pointing to various .rr.nu domains.
What To Look Out For
A piece of script containing a link to a URL with a .rr.nu address usually gets added to the footer of the hacked sites (....there are often many other files affected too - read the articles I have provided links to below in order to learn the full extent of the problem). Many users have reported that it is very hard to remove and just seems to return again and again.
How To Remove The Infection
There is a free site online scanner from Sucuri (see link below) that you can use to see if your site has been compromised or not (note: this tool will also find any other forms of infections too, so it's useful to use even if you don't have the .rr.nu malware infection).
There is also a free tool for removing any infection (see link below). Naturally it goes without saying that you should always do a backup first before using any sort of removal tool......
Links to More information:
- WordPress Tavern article: WordPress Not The Direct Cause of Mass-Site Attacks?
- Sucuri article on removing malware from WordPress : http://blog.sucuri.net/2010/02/removing-malware-from-a-wordpress-blog-case-study.html
- Sucuri information on .rr.nu campaign: http://blog.sucuri.net/2012/02/malware-campaign-from-rr-nu.html
- Sucuri Site Scanner (free online scanner tool): http://sitecheck.sucuri.net/scanner/
- Free tool to remove the .rr.nu malware: https://github.com/walkeralencar/rrnuVaccine
(Please Note: this tool was created by another user, and is mentioned within the first Sucuri article I posted above - However, I cannot vouch for it as I haven't personally used it / needed it yet, but the other users say it has worked for them)
Hope this helps,
What Others On This Site Are Reading:
Latest posts by Karen Banting (see all)
- Free Return Shipping: PayPal Refunded Return Shipping Service - August 18, 2016
- Marketing Methods for Small Business – List - June 27, 2014
- WordPress eStore Plugin – Features and Video - May 10, 2014