What is AnonymousFox?

WHAT IS ANONYMOUSFOX?

Anonymousfox is a vulnerability of WordPress and different CMS with which vulnerable plugins can be exploited and thus gain access to the files of your cPanel account.
While this is not a problem that affects the integrity of the server on which it is hosted or that it can grow horizontally to spread between accounts on the same server, it is possible that it will attack different accounts independently.

WAY TO ATTACK

cPanel has a file called .contactemail in which an email is stored in plain text and with this the client has the opportunity to recover their panel password in case they forget it.

Anonymousfox will scan your entire site for out-of-date plugins or vulnerable CMS, finding any will use this same vulnerability to upload suspicious files and / or directories such as smtpF0X or F0xAutoConfig and other named Fox related accounts or directories in the directory of a user.
These uploaded files will modify the content of .contactemail and replace your email with someone else, after this a series of commands will be generated to recover the cPanel password and receive it later via email.

SECURE YOUR SITE

There are many types of CMS, so we will only focus on the most used in WordPress.
Securing a WordPress site seems like a complicated task, but in reality any standard user will be able to do it, here are a few steps which could help:

1. DISABLE THE EXECUTION OF PHP FILES IN NON-NECESSARY DIRECTORIES

Enter the directory, create a .htaccess and enter the following information:
<Files *.php>
deny from all
</Files>

The directories in which php should not be executed are:
/ wp-includes
/ wp-content / uploads

 

2. BLOCK ACCESS TO YOUR OWN .HTACCESS FILE

To achieve this step, you will only have to add the following lines to your own htacces file:
<Files .htaccess>
order allow, deny
deny from all
</Files>

3. DISABLE XMLRPC.PHP THROUGH THE .HTACCESS FILE

The xmlrpc.php file is only used for unencrypted RPC communication, in case your WordPress does not need it you will have to deactivate it from your htacces as follows:
<Files xmlrpc.php>
Order Allow, Deny
Deny from all
</Files>

I hope this information is useful, receive a warm greeting!

Previous Use of WordPress in SEO positioning
Next Adminit Technology

Related Posts

GPT3

Suggested Posts

No Comment

Leave a reply

Your email address will not be published. Required fields are marked *