The experts found that after the closure of the malicious website cloudflare [.] Solutions, with which hackers downloaded the cryptomayer Coinhive and later Keylogger on hacked WordPress sites, hackers registered three new domain names.
According to PublicWWW, at the moment, as a result of the new malicious attack, hackers infected more than 2000 WordPress sites.
The malicious site was quickly closed by the efforts of the experts and the registrar company, but the attackers, without a hitch, registered three new domains: cdjs [.] Online, cdns [.] Ws and msdns [.] Online. According to PublicWWW, currently about 300 different WordPress-sites have joined cdjs [.] Online and cdns [.] Ws, more than 1,8 thousand have been contacted to msdns [.] Online. In most cases, this is a re-infection of sites that were compromised last year.
The new attack on WordPress sites, according to experts, is less than last year. A large number of repeated infection sites indicate that many sites did not fix the vulnerabilities and did not increase their protection after the initial infection. It is possible that in some cases the infection simply went unnoticed.
To clean the site, we recommend scanning the website for possible infection, changing all WordPress passwords and updating all server software, including themes and plugins.