WordPress Redirect Outlook Phishing Attack

Added on August 20, 2021

Our partners at Astra Security have discovered yet another vicious attack on WordPress websites. If you own a WordPress website and you aren't using Astra Malware security protection, it's time to do so!

Let's take a look at their report:

Although it is one of the most common attacks on WordPress, WordPress redirection hacks never cease to surprise. In a new strain of the hack identified by our security engineers, the malware redirects WordPress websites to phishing pages imitating renowned companies, such as Microsoft’s Outlook and security and antivirus companies, as well as to known malicious domains such as

  • travelinskydream[.]ga
  • track.lowerskyactive[.]ga
  • hxxps://pipe.travelfornamewalking.ga
  • hxxps://greenlinetask.me/w_15.js

and several other domains that we previously saw in the Buyittraffic WP redirection hack and Digestcolect redirection hack. We have seen a large number of WP sites increasingly getting targeted with this attack.

What does the actual redirect attack look like?

When you click on the infected website’s URL, it takes you to the legitimate Microsoft Outlook login page with hostname https://login.microsoftonline.com/ (see picture below).

[Image: Microsoft Outlook Phishing Attack]

When unsuspecting users authenticate on this form, they are then presented with a permission-requesting add-in – inserted/modified by the hacker – to gain apex-level access to their Outlook account.

[Image: Microsoft Outlook Malicious Phishing Attack]

The hacker also presents other fake pop-ups emulating security and antivirus software prompting to scan their device for malware as depicted below:

[Image: Applecare Phishing Attack]

Clicking on the Scan Now button can reveal your sensitive details to the hacker or give him complete access to your device.

[Image: Browser Notifications Phishing Attack]

The Technical Breakdown

The hack, like most WordPress redirection hacks, involves an injected malicious JS script.

The following script is just an example of the JS script we found on the database of the infected website.

As you can see, the script adds a redirection URL to the known hacker domain ‘track.lowerthenskyactive.ga’.

[Image: Hacked WordPress Admin]

On close investigation, our security team also found the following script injected into almost all .php files inside wp-content (plugins/themes) directory of the infected WordPress website.

Besides, all the .js files were also heavily infected with the following obfuscated code.

which decodes to –

Have you been hacked?

  • If your website is also redirecting to any of the mentioned phishing pages, you have been hacked with the office-365 malware.
  • If you can’t log into your WP backend, that’s another sign of the hack.
  • If you see unfamiliar and suspicious-looking usernames in your WP admin panel, it is probably the hackers’.

There are some other common hack symptoms that you should look out for. We have compiled the most common hacked symptoms seen on WP websites here.

Or you can just scan your website with a malware scanner to confirm the hack. Here’s how Astra’s machine-learning powered Malware Scanner flags malware on websites:

[Image: Astra Malware Scanner]
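The breakdown above says the injected script turned up in .php and .js files under wp-content, some of it obfuscated. As an added example (not Astra's scanner and not code from the report), the following Python searches such files for the domains listed at the top of this report; it assumes String.fromCharCode lists as the obfuscation, which the page does not confirm, and all sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Indicators as printed in the report (defanged); refanged in memory only.
REPORTED = ["travelinskydream[.]ga", "track.lowerskyactive[.]ga",
            "hxxps://pipe.travelfornamewalking.ga", "hxxps://greenlinetask.me/w_15.js"]

def refang_host(indicator: str) -> str:
    """Reduce a defanged indicator to a bare lowercase hostname."""
    s = indicator.replace("[.]", ".")
    s = re.sub(r"^hxxps?://", "", s, flags=re.I)
    return s.split("/")[0].lower()

HOSTS = sorted({refang_host(i) for i in REPORTED})
# A listed host counts only when it is not embedded in a longer word.
HOST_RE = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, HOSTS)) + r")(?![\w-])", re.I)
# Assumption: the page does not show its obfuscation; char-code lists are one common form.
CHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)")

def decode_charcodes(text: str) -> str:
    """Expand String.fromCharCode(n, n, ...) lists so hidden hosts become searchable."""
    return CHARCODE_RE.sub(lambda m: "".join(
        chr(int(n)) for n in m.group(1).split(",") if int(n) < 0x110000), text)

def scan_text(text: str) -> list:
    """Return the listed hosts referenced in text, plain or char-code encoded."""
    return sorted({h.lower() for h in HOST_RE.findall(text + "\n" + decode_charcodes(text))})

def scan_tree(root) -> dict:
    """Map each .php/.js file under root to the listed hosts it references."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".js"}:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits

def demo() -> dict:
    """Scan a constructed wp-content tree (sample files, not the report's scripts)."""
    with tempfile.TemporaryDirectory() as d:
        theme = Path(d, "themes", "sample")
        theme.mkdir(parents=True)
        codes = ",".join(str(ord(c)) for c in "//" + HOSTS[3] + "/")
        (theme / "header.php").write_text(f"<script src='https://{HOSTS[2]}/'></script>")
        (theme / "app.js").write_text(f"var u = String.fromCharCode({codes});")
        (theme / "clean.js").write_text("console.log('ok');")
        return scan_tree(d)
```

`scan_text` can also be run over exported database rows, since the report found the script in the database as well; a clean result only means these specific domains are absent.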

How to repair your website

The best solution, if you are confused about how to deal with this hack, is to hire a professional security team. Astra Security has helped thousands of websites get out of a hack safely. We take care of the matter end to end and in record time (<6 hours of your sign-up).

If for any reason you cannot hire a security team, start with taking a backup and changing all the passwords (WP admin panel, database, etc.) if you still have access to your website.

Next, download the checksums of the core WP files and compare your current files with that. If it doesn’t make you lose a lot of work, replace the files altogether. Otherwise, check for unfamiliar changes and undo them. However, be very careful doing this as you may also delete a benign piece of script mistakenly.

Next, check the database tables for any rogue insertions.
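The checksum comparison from the step above, as an added example that is not part of the original report: it assumes the downloaded manifest has been loaded as a mapping of relative path to MD5 hash, and it also reports files in the core directories that the manifest does not list. The three-file "install" in `demo` is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_file(path: Path) -> str:
    """MD5 of a file's bytes (used only because the manifest carries MD5 values)."""
    return hashlib.md5(path.read_bytes()).hexdigest()

def verify_core(root, manifest: dict) -> dict:
    """Compare a WordPress tree with a {relative path: md5} manifest."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        f = root / rel
        if not f.is_file():
            report["missing"].append(rel)
        elif md5_file(f) != expected:
            report["modified"].append(rel)
    # Core directories should hold nothing the manifest does not list.
    for core_dir in ("wp-admin", "wp-includes"):
        base = root / core_dir
        for f in (base.rglob("*") if base.is_dir() else ()):
            rel = f.relative_to(root).as_posix()
            if f.is_file() and rel not in manifest:
                report["unexpected"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def demo() -> dict:
    """Constructed install and manifest (sample data, not real WordPress files)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-includes").mkdir()
        (root / "wp-admin").mkdir()
        clean = {"index.php": b"<?php // front\n",
                 "wp-includes/load.php": b"<?php // load\n",
                 "wp-admin/admin.php": b"<?php // admin\n"}
        manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
        (root / "index.php").write_bytes(clean["index.php"])
        # load.php is tampered with, wp-tmp.php is an extra file, admin.php is absent.
        (root / "wp-includes/load.php").write_bytes(clean["wp-includes/load.php"] + b"/* injected */")
        (root / "wp-includes/wp-tmp.php").write_bytes(b"<?php // dropped\n")
        return verify_core(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest covers core files only, so plugins and themes under wp-content still need their own comparison against clean copies.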

What to do after you've restored your site

After your website has been restored, ensure it becomes as hack-resistant as is possible.

This is how you can do this:

  • Check your website runs on the latest versions of WordPress and other complementary software and extensions.
  • Set up a regular backup routine. You can use a WP plugin to make this easier.
  • Set up a website firewall. A firewall monitors your website round the clock and blocks known malicious traffic from reaching your website.
  • Set up timely malware scanning to detect malware/intrusions before it’s too late. A daily malware scanning is ideal and recommended.

When is the last time you reviewed the security of your business and/or personal website?

Added on July 24, 2021

If you’re like the majority, it’s very likely that you haven’t done much to make sure your website is secure from hackers. In today’s news, we’re always hearing of new cyber attacks on large businesses. What we don’t hear much about are the attacks on smaller websites and what they did or didn’t have in place for security.

Over the years, we’ve seen that most website owners don’t know that they need a security tool or how to go about implementing one. With all of the confusion of competing products out there, it’s very easy to understand why most websites don’t have the security they need.

While every website is different, we feel we have a solution that is universal for every type and size of website and that can be tailored even further if needed. Evolve Hosting has partnered with a company called Astra, which has developed an AI (Artificial Intelligence) backed security system that is easy to install and highly effective at keeping the bad guys away and the malware out of your files.

Astra is simple to install and for 95% of the websites out there, it’s as simple as installing a plugin or extension after you purchase a license through Evolve Hosting. There are no DNS changes or sophisticated configuration steps.

Once the plugin is enabled, Astra will begin scanning your files on a regular basis for malware, and if any malware is found, it will be removed. Astra also uses a sophisticated firewall that stops intruders from even accessing your website. In the Astra dashboard, you will be able to easily see the attempted attacks, where they come from and how Astra has stopped them.

To secure your website, it really doesn’t get any easier than this! Please reach out to us today so that we can help protect your website before an attack occurs.

Open a live chat at evolvewebhost.com

Send us an email to hello@evolvewebhost.com

Call 303-900-5050

Act now for a free 2 week trial of Astra. During the trial, if malware is found, it will not be removed until you upgrade to a paid license.

If you like the service, we’ll get you signed up for a monthly or annual license. If you don’t like the service, simply let us know and we’ll deactivate the license.

For as little as $19.99 per month, you can know that you are protected from the bad guys!

Astra works on every website, no matter who your hosting provider is.


Check Your Website Security - for FREE

Added on May 12, 2021

It's almost a daily occurrence that you hear about cyberattacks and ransomware. It's time to ask yourself the question - When is the last time you checked your own website security and took steps to make it more secure for your visitors and yourself?

There is a common list of things you can do that include:

1) Updating all passwords on a regular basis. This includes Admin login credentials, control panel for your hosting service, email passwords, etc. Make sure you use a unique password for each set of credentials and each password includes uppercase and lowercase letters and a symbol or two.

See the following articles about creating strong passwords and additional ways to keep yourself protected:

Password Do's and Don'ts

Securely Share Passwords and Maintain Them

2) Keep your website software up to date to patch any vulnerabilities

3) Making sure you are using a supported PHP version on the server your website(s) are hosted on

4) Use an SSL certificate to encrypt transactions performed on your website

Now for the major questions you should be asking yourself:

1) When is the last time you had a malware scan run for your website?

2) Do you have a firewall that is protecting your website from hackers even getting to your website?

3) What are you doing to maintain your online reputation and build user trust?

4) Is your website blacklisted?

Having a security plan in place that takes care of these items will go a LONG way towards building user trust and avoiding the dreaded HACKED WEBSITE and downtime.

Evolve Hosting is a partner of the Astra Security company. Astra is one of the easiest security solutions to set up to protect your website. This doesn't have to be overcomplicated!

Use this link to run a FREE security audit: https://securityscan.getastra.com/

Evolve Hosting offers one of the lowest prices, if not the lowest you'll find for Astra Security and we help you secure any website, even if it's not hosted with us.

Monthly for $19.99 per domain

OR

$179.88 for the year (3 months free) per domain

To learn more about Astra, visit this link Astra Website Security and/or reach out to us over live chat or by giving us a call.

To sign up for Astra, order here online


Astra Firewall Statistics

Added on November 8, 2020

Astra stops many website attacks that users are unaware of. This post shows some of the attacks.

Let's take a look at some of the things Astra blocks from happening to your websites. We often hear, 'I didn't even think someone would bother attacking our website'. Hackers do not actually visit your website so it does not matter how popular your website may be. Instead, they write a script that is used to try and hack thousands of websites at a time by finding vulnerabilities (bad coding practices, weak passwords, outdated software, etc).

This is why it is so important to keep your passwords strong and unique, keep your software up to date (including themes and plugins that are active and inactive) and to remove files from the server that are not being used.

The screenshot below shows various attacks stopped by Astra. In the 1st screenshot, you can see that the attacker was trying to inject malicious code into the database. It was stopped.

In the 2nd screenshot, you will see how many times they tried to do so and the way Astra stopped the attacks at first and then finally blocked the attack altogether.

The key to keeping your website safe is to be proactive. Once a website is hacked, it causes a lot of stress, downtime, lost business and angry site visitors. Having a firewall in place is a small price to pay to keep your website free of Malware and stop the attacks.


Importance of a Firewall

Added on August 10, 2020

Every website is vulnerable to attacks and attackers have no bias as to which websites they target. Having your website behind a firewall is a strong line of defense against attacks. From injecting malware into your files and database to taking your site down and holding it for ransom, attacks are wide ranged and constantly changing.

How does a firewall work?

A firewall is a 'wall' between your website and the potential hacker. Using sophisticated algorithms and AI (Artificial Intelligence), a firewall can detect whether there is a harmful visitor attempting to access your site and the firewall will deny them access.

Can you control what is blocked?

Yes! Most firewall providers, including the one Evolve Hosting offers, allow you to monitor and create rules specific to your needs. Whitelist or blacklist IP addresses, block countries and block or allow specific events.

How do I protect my website?

Evolve offers a solution in partnership with an AI (Artificial Intelligence) security company called Astra. We have one simple offering that scans and cleans up malware and utilizes a firewall to keep the bad guys away from your websites. To review the plans and sign up, visit this link: Astra AI Security