Anonymousfox WordPress hack
I am hired to clean and secure hacked WordPress sites on a regular basis. People hire me to identify whether their site is infected, then clean it, properly secure it and maintain it on an ongoing basis.
Recently I dealt with a particularly ugly infection identified as Anonymousfox. There was a security vulnerability on the hosting account that enabled this to infect more than 2 dozen websites.
What is AnonymousFox.co?
Anonymousfox is a group that creates/shares/sells hacking tools to exploit website environments and infect them with malware. This malware is complex and automates finding websites and web hosting environments that are not maintained, meaning their code is not kept updated and vulnerabilities are not patched as they are identified. (Hackers keep on top of when vulnerabilities are found, which is why it is so important for YOU to stay one step ahead of them and patch vulnerable WordPress code as soon as it’s made public.)
Anonymousfox infects code
Anonymousfox doesn’t only infect WordPress; it also targets other popular open source website software like Joomla and Opencart. Since WordPress is the most popular CMS on the Internet, you hear about it being infected more often.
Anonymousfox infects cPanel
Once the attacker sneaks in through WordPress, they then attack the web hosting account's control panel, cPanel. They change the account email address so they can then reset the password. Then their fun really begins: infecting all of the website accounts they can.
With the site I cleaned up, the infection was particularly bad because the hosting account had FollowSymLinks enabled. This is a big security flaw in the default configuration (having symlink protection disabled) that gives the hacker access to move through the websites on the account and infect them all. The malware may create email accounts on the website account to then sell to spammers. This can create more headaches for you by getting your domain blacklisted as a spam threat. It will also change the main admin username in WordPress and often add additional administrator user accounts.
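One way to check for the symlink exposure described above, as an added example that is not part of the original post: the function lists symbolic links under an account's home directory that resolve outside it. It assumes cross-account access shows up as links inside the web root; the function names, account names and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU or BusyBox
# `readlink -f` and that each account's files live under one home directory.

# audit_symlinks HOME_DIR [SCAN_DIR]
# Prints "<status><TAB><link><TAB><target>" for every symbolic link that
# does not stay inside HOME_DIR:
#   ESCAPES     target resolves to a path outside HOME_DIR
#   UNRESOLVED  target could not be resolved; raw link text is shown
audit_symlinks() {
    home_real=$(readlink -f -- "$1") || return 2
    find "${2:-$1}" -type l -exec sh -c '
        home=$1; shift
        for link in "$@"; do
            target=$(readlink -f -- "$link" 2>/dev/null)
            if [ -z "$target" ]; then
                printf "UNRESOLVED\t%s\t%s\n" "$link" "$(readlink -- "$link")"
                continue
            fi
            case $target/ in
                "$home"/*) ;;  # stays inside the account
                *) printf "ESCAPES\t%s\t%s\n" "$link" "$target" ;;
            esac
        done
    ' sh "$home_real" {} +
}

# Constructed sample layout (two hypothetical accounts, alice and bob).
build_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/alice/public_html" "$d/bob/public_html"
    echo "constructed" > "$d/bob/public_html/wp-config.php"
    echo "constructed" > "$d/alice/public_html/index.php"
    # Link that crosses into another account: should be reported.
    ln -s "$d/bob/public_html/wp-config.php" "$d/alice/public_html/notes.txt"
    # Relative link that stays inside the account: should be ignored.
    ln -s index.php "$d/alice/public_html/home.php"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(build_demo_tree) && audit_symlinks "$tree/alice"
    rm -rf "$tree"
fi
```

Run it with `--demo` to see the constructed case, or call `audit_symlinks` with an account's home directory during a cleanup; any ESCAPES line is a link to review and remove.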
I have cleaned and secured hundreds of infected websites. Most of them are built with WordPress. I can’t stress enough how important it is to keep your WordPress code updated all the time and regularly review your website for security vulnerabilities. If you don’t know how to do this, or don’t have the time, hire a professional website security consultant who can maintain it for you. If your business website is an integral part of your business, this is a no-brainer.
Cleaning up this website infection was very time consuming and very expensive. The cost of ongoing WordPress maintenance services is minor compared with the level of stress this created for the client, including downtime of their websites, on top of the many hours I had to put into it on an emergency basis (emergency basis meaning I had to drop all of my other scheduled client work to spend several days getting dozens of infected websites cleaned and secured).