
FIFA World Cup 2018: A Dream for Most, A Nightmare For WordPress Users

Moeez — July 16, 2018

Imperva, a cybersecurity group, recently published research describing a new comment spam campaign that exploits the FIFA World Cup hype. The comments include a link that redirects users to suspicious websites, most of them betting sites and other services offered around the World Cup.

Source: Imperva

The campaign runs on a botnet that pushes senseless messages into the comment sections of WordPress websites. The messages are generated from a template that produces several versions of the same message, so that the comments don’t all look or sound the same.

Using spambots to push spam comments onto websites is an extremely old technique, but this campaign shows how effective it still is. The spambot sprays comments at the same URI across the web, even on resources that don’t have a comment section in place.

Source: Imperva

The botnet also uses URL shorteners and URL redirection to hide the actual destination of its links. It comprises 1200 unique IPs, which is not a significant number by any means.

Before the World Cup, the botnet was used to carry out remote code execution attacks, but once the tournament began its focus shifted to the spam comment campaign, affecting a number of WordPress websites.

“We found that the botnet advertised over 1000 unique URLs, most of them appear multiple times. In many cases, the botnet used different techniques such as URL redirection and URL-shortening services to mask the true destination of the advertised link,” reported researchers at Imperva.

The research also suggests that the botnet might be for hire: websites pay botnet operators to advertise their links on other websites.

WordPress sites have often been a target of such attacks, mainly because WordPress is the most popular CMS around. As a site owner, the burden lies on you to protect your website against these attacks.

One possible solution to this problem is installing a WordPress anti-spam plugin. Imperva itself uses these three anti-spam tools:

  • Identification of SPAMming IPs
  • Classification of SPAM tools and botnets
  • Detection of URLs advertised in comment SPAM
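The three ideas in the list above can be combined in a comment-moderation check that groups template-generated variants, counts the IPs behind each group, and records the advertised link hosts. The Python script below is an added example, not Imperva's tooling or code from the original article; the shortener list, the similarity threshold and the sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a small, non-exhaustive set of well-known URL-shortening services.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def extract_hosts(text):
    """Lowercase hostnames of every URL found in a comment."""
    return [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]

def shingles(text, k=3):
    """Word k-grams with URLs stripped, so only the template wording is compared."""
    words = re.findall(r"[a-z0-9']+", URL_RE.sub(" ", text.lower()))
    return {tuple(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    """Set overlap in [0, 1]; 1.0 means identical wording."""
    return len(a & b) / len(a | b) if a | b else 0.0

def find_campaigns(comments, threshold=0.4, min_ips=2):
    """Greedily cluster near-duplicate link comments; keep clusters seen from several IPs."""
    clusters = []
    for c in comments:
        hosts = extract_hosts(c["text"])
        if not hosts:
            continue  # the campaign described here always carries a link
        sh = shingles(c["text"])
        cl = next((x for x in clusters if jaccard(sh, x["rep"]) >= threshold), None)
        if cl is None:
            cl = {"rep": sh, "ids": [], "ips": set(), "hosts": set()}
            clusters.append(cl)
        cl["ids"].append(c["id"])
        cl["ips"].add(c["ip"])
        cl["hosts"].update(hosts)
    return [{"ids": cl["ids"], "ips": sorted(cl["ips"]), "hosts": sorted(cl["hosts"]),
             "uses_shortener": bool(cl["hosts"] & SHORTENERS)}
            for cl in clusters if len(cl["ips"]) >= min_ips]

# Constructed sample comments (documentation IP ranges, placeholder links).
SAMPLE = [
    {"id": 1, "ip": "192.0.2.10", "text": "Great post! Watch the World Cup final live and get the best odds here http://bit.ly/PLACEHOLDER1 thanks for sharing"},
    {"id": 2, "ip": "198.51.100.7", "text": "Nice post! Watch the World Cup final live and get the best odds here http://tinyurl.com/PLACEHOLDER2 thanks for sharing"},
    {"id": 3, "ip": "203.0.113.5", "text": "Great article! Watch the World Cup final live and get the top odds here http://betting.example/promo thanks for sharing"},
    {"id": 4, "ip": "192.0.2.200", "text": "Thanks, the caching section helped. I wrote up my results at https://blog.example.org/cache"},
    {"id": 5, "ip": "192.0.2.201", "text": "Which plugin do you recommend?"},
]

if __name__ == "__main__":
    for campaign in find_campaigns(SAMPLE):
        print(campaign)
```

Comments 1 to 3 form one cluster posted from three IPs, while the single legitimate comment with a link stays below the `min_ips` cut-off and is not reported.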


Moeez is ‘The’ blogger in charge of WPblog. He loves to interact and learn about WordPress with people in the WordPress community. Outside his work life, Moeez spends time hanging out with his friends, playing Xbox and watching football on the weekends. You can get in touch with him at moeez[at]wpblog.com.


