Anonymousfox is a vulnerability of WordPress and different CMS with which vulnerable plugins can be exploited and thus gain access to the files of your cPanel account.
\nWhile this is not a problem that affects the integrity of the server on which it is hosted or that it can grow horizontally to spread between accounts on the same server, it is possible that it will attack different accounts independently.<\/p>\n
cPanel has a file called .contactemail in which an email is stored in plain text and with this the client has the opportunity to recover their panel password in case they forget it.<\/p>\n
Anonymousfox will scan your entire site for out-of-date plugins or vulnerable CMS, finding any will use this same vulnerability to upload suspicious files and \/ or directories such as smtpF0X or F0xAutoConfig and other named Fox related accounts or directories in the directory of a user.
\nThese uploaded files will modify the content of .contactemail and replace your email with someone else, after this a series of commands will be generated to recover the cPanel password and receive it later via email.<\/p>\n
There are many types of CMS, so we will only focus on the most used in WordPress.
\nSecuring a WordPress site seems like a complicated task, but in reality any standard user will be able to do it, here are a few steps which could help:<\/p>\n
Enter the directory, create a .htaccess and enter the following information:
\n<Files *.php>
\ndeny from all
\n<\/Files><\/p>\n
The directories in which php should not be executed are:
\n\/ wp-includes
\n\/ wp-content \/ uploads<\/p>\n
<\/p>\n
To achieve this step, you will only have to add the following lines to your own htacces file:
\n<Files .htaccess>
\norder allow, deny
\ndeny from all
\n<\/Files><\/p>\n
The xmlrpc.php file is only used for unencrypted RPC communication, in case your WordPress does not need it you will have to deactivate it from your htacces as follows:
\n<Files xmlrpc.php>
\nOrder Allow, Deny
\nDeny from all
\n<\/Files><\/p>\n
I hope this information is useful, receive a warm greeting!<\/p>","protected":false},"excerpt":{"rendered":"
WHAT IS ANONYMOUSFOX? Anonymousfox is a vulnerability of WordPress and different CMS with which vulnerable plugins can be exploited and thus gain access to the files of your cPanel account. Although this is not a problem that affects the integrity of the server on which it is hosted or that can grow horizontally for ...<\/p>","protected":false},"author":27,"featured_media":40998,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-40997","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"jetpack_featured_media_url":"https:\/\/webirix.com\/wp-content\/uploads\/2021\/10\/logo.png","_links":{"self":[{"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/posts\/40997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/comments?post=40997"}],"version-history":[{"count":5,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/posts\/40997\/revisions"}],"predecessor-version":[{"id":41004,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/posts\/40997\/revisions\/41004"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/media\/40998"}],"wp:attachment":[{"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/media?parent=40997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/categories?post=40997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webirix.com\/en\/wp-json\/wp\/v2\/tags?post=40997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}