Vulnerable Word Press CMS websites under constant attack via PHPMYADMIN_WORM
Look at all that worm-activity going on, ->:
https://viz.greynoise.io/tableNot a cyberfriendly place on that Visualizer. Look at this random chosen source of infection:
https://www.shodan.io/host/115.68.108.67Word Press & PHP and also modern languages like Slick.
Net-scans for instance with malicious PHPMYADMIN_WORM
scanner functions via PHP/5.6.0
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Keep an eye on this forthcoming logs, you cyberdefense folks. Word Press CMS admins look after your configuration and eventual compromittal. You are under constant attack from all corners all over the globe.
Do you know what all these crawlers and bad bots are up to all the time all of the time? Time to come and stop and block.
Info credits go to J.O.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)