AnonymousFox Website Fraud

-
Just today, I check our site's access logs via cPanel and surprised that we are constantly receiving GET requests to non-existent files and folders/directories. These files and directories are files and folders of a WordPress Website.

AnonymousFox Fraud

When I checked our Website Access Logs, I noticed a series of GET requests from IP Address 32.223.67.184 to non-existent files and directories which apparently returns ERROR 404. The request bears the word "anonymousFox.co" which gave me an Idea to what really made these requests.

Series of 404 Requests from anonymousFox

Somebody or Something is trying to find vulnerable WordPress Plugins from our site, and when it does, then we're compromised.

“AnonymousFox” is related to the old exploit of WordPress 5.5 and the plugin “WP File Manager”, however, recent attacks include not only the WP File Manager but also other vulnerable WordPress Plugins. Your Password will be changed, and your Username will be anonymousFox or simply Fox.

WordPress really has a big loophole, while creator of AnonymousFox updates their hack continuously that it can even compromise a WordPress Installation without any plugin installed. That's one big reason why I never recommend and never use WordPress.


“The anonymousfox vulnerability, caused by running vulnerable scripts on a cPanel account does not allow for root access.
Allowing vulnerable content on the server which in turn allows a way for an attacker to obtain access to the cPanel password reset does not constitute a bug.
What ultimately should be done here is remove the vulnerable content.”
Anonymous Fox has an official website, where members describe the current tools used for the attacks.
https://anonymousfox.co/

Comments

Post a Comment

Popular posts from this blog

6000+ Midi KaraOke File Free Download (Links Updated 02-21-21)

-
6000+ Midi KaraOke File Free Download (LINK UPDATED 02-21-2001) Midi KaraOke files are synthesized music (midi) with Lyrics applied to so that one can sing his/her favorite songs using his/her Laptop. Midi KaraOke files has the file extension .kar, and is playable on various Midi KaraOke Players freely available, VanBasco Karaoke player to be the most popular. There are various sites who offers free downloads of these MIDI Karaoke Files but their collections are very limited (they offer only several hundreds of KaraOke Files). This compilation of Midi KaraOke files has more than 6000 KaraOke Songs, offered for free download. You can download all these KaraOke songs for free, however, to minimize our hosting cost, we decided to upload these to a free file hosting, and to monetize some downloads to help us cover our hosting expenses, please click on the download link, wait for five (5) seconds then click on SKIP ADS on the top right of the screen. Because of the file size lim
Read more

Photos taken at Pinahiw Viewpoint, Landingan Viewpoint, and Quirino Experiment Services

-
Image
February 27, 2021, we woke up early and prepared for a long journey to Landingan Viewpoint at Nagtipunan Quirino via Pinahiw Viewpoint at Aglipay Quirino. 12 of us rode our motorcycles and drive from Barangay Cabugao, Aglipay Quirino to Pinahiw View Point, Aglipay Quirino via Eden, Cabarroguis Quirino. It was past 10 AM when we reach the peak of Pinahiw Viewpoint, where you can feel the very cold weather of the foggy peak of the mountain. About 11AM, we rode again to Nagtipunan Quirino, where the spectacular Landingan Viewpoint is situated. Photos taken were uploaded for our colleagues to download.  Images were resized to fit the screen, but the un-edited raw jpeg images can be viewed and downloaded by right-clicking the resized images and select "open in new tab". NOTE: The photos below are captured by me (Rodrigo Lugod). If you are not in the photo and you want to use any photo uploaded here for whatever purpose, Please contact me first via email (mangiskoalbuaryo@gmail.
Read more

#Office365 2019 New Scam by Ex-Robotos Malware - cracked by IK Zeus

-
Image
 Around 1:45PM June 19, 2021 (+8gmt), I was contacted by one of my web development clients. He's in shock that they can't access their MLM Website, and get redirected to 404 Page. I asked him the CPanel account login, and promptly opened the CPanel, only to find out, the Member's Area directory was gone, and there this new folder named "Journal" was created few hours ago. Journal folder containes some php files named after the missing files I created before, and some text files. When I open the files for editing (to view its content) through File Manager, I was presented with javascript codes (which I didn't examined). Voicemail Scmpage 2019 by Ex-Robotos In the top most part of each php files were found commented the phrase "Office365 2019 New Scam by Ex-Robotos - cracked by IK Zeus" Readme.txt inside the Journal folder Upon examining the Journal folder, I realized that it is a Office365 2019 Phishing Script. How did that script put in there? I don&
Read more